Standalone App Launch and auth using OAuth 2.0

Anaan Ramay

unread,

Oct 26, 2020, 9:49:21 PM10/26/20

to SMART on FHIR

Hi all,

I'm new to this group and SMART on FHIR application development. I am currently in the process of authenticating my application before searching for Patients on Epic. I am able to establish an initial handshake using a JS fetch() query and get an OK response with the text body of an html form for login access to my application from Epic. (screenshot below).

This is the url used to send that initial request:

https://apporchard.epic.com/{interconnect-part-of-url}/oauth2/authorize?response_type=code&redirect_uri=[redirect_uri]&client_id=[client_id]&state=[state]

Now I have no clue how to proceed with actually using the provided credentials in this form that has been returned. If I render the page, fill form and hit the login button, I am redirected to the login subdirectory on my local dev env. I have spent endless hours trying to understand what to do with this form and how to actually send the form data back to epic to finish authentication.

This application is written in JS and can use any of the FHIR versions Epic allows. The main reason I came here to post was to ask for resources for beginners to understand the flow of authentication as the flow provided by App Orchard Epic seems to miss some major steps in the OAuth 2.0 tutorial and the fhir client for js does not seem to provide a lot of documentation about its own components. Any help regarding what direction to take from this point on would be highly appreciated. I have attached a screenshot of the page that I am referring to. Screenshot 2020-10-26 at 18.41.32.png

Michele Mottini

unread,

Oct 27, 2020, 9:57:02 AM10/27/20

to SMART on FHIR

If I render the page, fill form and hit the login button, I am redirected to the login subdirectory on my local dev env.

That's correct: that redirect URL should contain a 'code' parameter, grab that and use it to get the access token as described at https://tools.ietf.org/html/rfc6749#section-4.1.3

See also specifications at http://www.hl7.org/fhir/smart-app-launch/

- Michele

CareEvolution

Kenta ito

unread,

Mar 23, 2023, 5:17:22 AM3/23/23

to SMART on FHIR

Hi All,

Did you solve this issue out?

I'm facing the same issue as I'm following the Standalone App Launch section.

If I render the page, fill form and hit the login button, I'm redirected to the login subdirectory on my local dev env.

Could you please give me tips for figuring this issue out?

Thanks,

Kenta.

Tomomi Yamano

unread,

Mar 23, 2023, 8:48:37 AM3/23/23

to Kenta ito, SMART on FHIR, ad...@burai.live

Hello Kenta,

I sent the email over to you to learn more issue.

as somebody copied and pasted the reference url, the parameters are required to call the token?

CONFIDENTIALITY NOTICE: The contents of this email message and any attachments are intended solely for the addressee(s) and may contain confidential and/or privileged information and may be legally protected from disclosure. If you are not the intended recipient of this message or their agent, or if this message has been addressed to you in error, please immediately alert the sender by reply email and then delete this message and any attachments. If you are not the intended recipient, you are hereby notified that any use, dissemination, copying, or storage of this message or its attachments is strictly prohibited.
--
You received this message because you are subscribed to the Google Groups "SMART on FHIR" group.
To unsubscribe from this group and stop receiving emails from it, send an email to smart-on-fhi...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/smart-on-fhir/317d59ed-2908-4d6c-aee8-340d349ed181n%40googlegroups.com.

Kenta ito

unread,

Mar 23, 2023, 10:13:14 AM3/23/23

to Tomomi Yamano, SMART on FHIR, ad...@burai.live

Hi Tomomi,

Thank you for your kind reply.

This is the authorization url that I'm using:

https://fhir.epic.com/interconnect-fhir-oauth/oauth2/authorize?response_type=code&redirect_uri=http://localhost:8000/epic-authorization&client_id=6da7c0d6-4996-4e68-8e0a-bd637868b410&state=abc123&aud=https://fhir.epic.com/interconnect-fhir-oauth2/api/fhir/dstu2

The problem is that when I try to open a new tab pointing to the authorization url, I'm redirected to the following url and get 404 error:

https://fhir.epic.com/HSWeb_uscdi/HSWeb_uscdi_1040-2?ticket=Ak4Ul8lWasbd%2fEvwfbDPBWq9g2So9VAJQerDpl8TxEwGro%2b%2bqGXMfsJmLH8d5Wcno2t2m7Sahq1Qhr6Wv7yP8cu1s9S4%2fJgCfFSaEPI6h6l2pSIRPttglAIO86IXa0Ah&response_type=code&redirect_uri=http://localhost:8000/epic-authorization&client_id=6da7c0d6-4996-4e68-8e0a-bd637868b410&state=abc123&aud=https://fhir.epic.com/interconnect-fhir-oauth2/api/fhir/dstu2

But when I send a get request to the authorization url using GuzzleHttp, I can get the content of the login page.

This is the PHP code that I'm using:

This is the login page that I can get:

As you can see from the screenshot, since the login page is now being displayed on my local env not on authorization server, its css is broken.

And when I fill the login form and press "Log In" button, it goes to my localhost/login route.