Getting started with Epic.

[James Gomez]

Hi everyone,
I am building a mobile app. I am gonna integrate Epic in my mobile app.

I am working with OAuth 2 authentication on Epic.

I made new app on open.epic.com so I got client id. client id: d7942122-6371-4b44-bb3b-957cc6a2afef

now my app's redirect URL is http://localhost:8000, FHIR APIs: Patient.Read.

First, I fetched the metadata using this url :- https://open-ic.epic.com/Argonaut/api/FHIR/Argonaut/metadata 

So I got authorization url and token url on the response.

Second, I am gonna get authorization code.

but I am not sure what is the authorization request endpoint to get authorization code.

I'm working step by step as in this tutorial https://open.epic.com/Tutorial/OAuth

I used this endpoint.

https://open-ic.epic.com/argonaut/oauth2/authorize?response_type=code&<my client id>&redirect_uri=http://localhost:8000/

I am getting "OAuth2 Error: INVALID_CLIENT, ..."

I'd like to know the correct authorization request endpoint format.

Please let me know how I can get authorization code.

thanks.

James.

[Sneha]

James,

When you create a app you get to 2 client id. Please select the NONPROD CLIENT ID . 

That will solve  the issue. 

[Michele Mottini]

...also, it should be '....&client_id=<my client id>'

  - Michele

  CareEvolution Inc

--
You received this message because you are subscribed to the Google Groups "SMART on FHIR" group.
To unsubscribe from this group and stop receiving emails from it, send an email to smart-on-fhir+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[James Gomez]

Hi Sneha, Michele,
Thanks for your help.

I got authorization code.

James.

To unsubscribe from this group and stop receiving emails from it, send an email to smart-on-fhi...@googlegroups.com.

[James Gomez]

Hi everyone,

I am gonna get the refresh token on Epic now.

But I can't find any tutorial or documentation for getting the refresh token.

please let me know how can I get the refresh token on Epic.

Thanks.

James.

[Michele Mottini]

Try with an 'offline_access' or 'online_access' scope - but I am not sure Epic supports refresh tokens, for sure they do not support them for patient access end points

  - Michele

  CareEvolution Inc

To unsubscribe from this group and stop receiving emails from it, send an email to smart-on-fhir+unsubscribe@googlegroups.com.

[Isaac Vetter]

Hi James,

Currently the client ids that you get from the open.epic MyApps site don't come with a client secret -- which is a requirement for getting/using refresh tokens.

Isaac Vetter

Epic

[Pascal Pfiffner]

I want to add that you should try to use an existing OAuth2 library. It's easy to implement yourself, and it's easy to get it wrong. There are many libraries available, starting with the list here: https://oauth.net/code/

Pascal

[James Gomez]

Hi All,

I am not sure about current your methods.

Now access token is expired according to the time on Epic.
so I can't use access token that I got on my project all the time.

I am going to get refresh token on Epic.

but I don't have any solution about it now.

please let me know if you have any idea.

Thanks,

James

[Pascal Pfiffner]

Hi James,

This is standard OAuth2 behavior. Access tokens expire after a certain amount of time, usually that's 1 hour. After that you can either use a refresh token to get a new access token, or you'll have the user sign in again. This is a good article explaining the concepts:

https://aaronparecki.com/2012/07/29/2/oauth2-simplified

Hope this helps,

Pascal

[James Gomez]

Thanks for your help, Pascal.

[Shilpa v n]

Hi All,

Please can anybody let me know how to get the code and authorization token for EPIC by using the following URL's given on the epic website,

Authorization URL - "https://open-ic.epic.com/Argonaut/oauth2/authorize"/

Token URL - "https://open-ic.epic.com/Argonaut/oauth2/token"/

i used the following end point to get the code,  but still getting the INVALID_CLIENT error.

https://open-ic.epic.com/argonaut/oauth2/authorize?response_type=code&client_id=ab243814-a0c0-44cc-97c7-89c2226c7baf&redirect_uri=http://localhost:8000

Please can anybody help me on this.

With Thanks

Shilpa