Epic Authorize API - The request is invalid

[Fhiruser]

Am trying to call the Authorize method of Epic, but it gives 

        <h1>An error has occured.</h1>

<h3>The request is invalid.</h3>

Am calling the method from my MVC Web Application using HttpWebRequest , i use non-prod client id only.

Code snippet below.

  public ActionResult Index()

        {

            string url = "https://open-ic.epic.com/argonaut/oauth2/authorize?response_type=code&client_id=a8e71151-8fdf-41e6-8b22-d0799269de69&redirect_uri=http://localhost/PatientMonitor/Patient/";

           

            var request = (HttpWebRequest)WebRequest.Create(url);

            request.Method = "POST";

            request.ContentType = "application/x-www-form-urlencoded";

            

            var postStream = request.GetRequestStream();

            var response = (System.Net.HttpWebResponse)request.GetResponse();

            var reader = new System.IO.StreamReader(response.GetResponseStream());

            var jsonResponseString = reader.ReadToEnd();

            reader.Close();

            response.Close();

            return View();

        }

[Michele Mottini]

You should not POST to the authorization URL, you have to redirect to it

  - Michele

  CareEvolution Inc

[Fhiruser]

I tried the below.

 public ActionResult Index()

        {

            string url = "https://open-ic.epic.com/argonaut/oauth2/authorize?response_type=code&client_id=a8e71151-8fdf-41e6-8b22-d0799269de69&redirect_uri=http://localhost/PatientMonitor/Patient/";

            Response.Redirect(url);

           // return View();

            return null;

        } 

Getting error as : 

An error has occured.

The request is invalid.

-------

My requirement is : I want to call the EPpic apis in a asp.net mvc application. 

I use redirect_uri=http://localhost/PatientMonitor/Patient/ - Is this OK?

[Michele Mottini]

 public ActionResult Index()

        {

            string url = "https://open-ic.epic.com/argonaut/oauth2/authorize?response_type=code&client_id=a8e71151-8fdf-41e6-8b22-d0799269de69&redirect_uri=http://localhost/PatientMonitor/Patient/";

            Response.Redirect(url);

           // return View();

            return null;

        } 

You are missing &aud and &scope from your URL. Also, the redirect URI should be the exact same as one used when you registered your client

Here is an example of a correct redirect URL for a different app:

https://open-ic.epic.com/Argonaut/oauth2/authorize?response_type=code&client_id=44d7c35a-f6e7-4481-8b69-31d4d8017f03&redirect_uri=https%3A%2F%2Fdemo.careevolution.com%2FSMARTest%2FSMARTest.html&aud=https%3A%2F%2Fopen-ic.epic.com%2Fargonaut%2Fapi%2FFHIR%2FArgonaut%2F&scope=launch%2Fpatient%20patient%2F*.read

    - Michele

   CareEvolution Inc

[Fhiruser]

Thanks Michele its working now. Its redirecting to MyChart and after login  there it is coming back to my Application.

How can we avoid logging to MyChart every time where we start our web application, Its awkward to get that page always.

[Fhiruser]

Now issue in getting Access Token, i used the auth code got in the previous request here as below:

https://open-ic.epic.com/argonaut/oauth2/token HTTP/1.1?grant_type=authorization_code&code=0Pwu2BiyAs_I3vt-

wqpfGIYxPMiHqn3BPMJ8wFklE9cAQwJVUoX2OsVgbp2JMRODeJu2IShzQTKMK9RC6tLWvgA-Pndksjn-

b9R18t9RjGlwDpRSIb5LNzDEVph8CKxD&redirect_uri=http://localhost/PatientMonitor/Patient&client_id=a8e71151-8fdf-41e6-8b22-d0799269de69

The remote server returned an error: (404) Not Found.

[Michele Mottini]

Now issue in getting Access Token, i used the auth code got in the previous request here as below:

https://open-ic.epic.com/argonaut/oauth2/token HTTP/1.1?grant_type=authorization_code&code=0Pwu2BiyAs_I3vt-

wqpfGIYxPMiHqn3BPMJ8wFklE9cAQwJVUoX2OsVgbp2JMRODeJu2IShzQTKMK9RC6tLWvgA-Pndksjn-

b9R18t9RjGlwDpRSIb5LNzDEVph8CKxD&redirect_uri=http://localhost/PatientMonitor/Patient&client_id=a8e71151-8fdf-41e6-8b22-d0799269de69

The token request should be a POST with  

grant_type=authorization_code&code=0Pwu2BiyAs_I3vt-

wqpfGIYxPMiHqn3BPMJ8wFklE9cAQwJVUoX2OsVgbp2JMRODeJu2IShzQTKMK9RC6tLWvgA-Pndksjn-

b9R18t9RjGlwDpRSIb5LNzDEVph8CKxD&redirect_uri=http://localhost/PatientMonitor/Patient&client_id=a8e71151-8fdf-41e6-8b22-d0799269de69

in the body. Are you doing that?

  - Michele

  CareEvolution Inc

[Fhiruser]

This is what i am doing, please check, is my url correct - https://open-ic.epic.com/argonaut/oauth2/token HTTP/1.1

string url = "https://open-ic.epic.com/argonaut/oauth2/token HTTP/1.1";

            var request = (HttpWebRequest)WebRequest.Create(url);

            request.Method = "POST";

            request.ContentType = "application/x-www-form-urlencoded";

            string reqBody = "{\"grant_type\":\"authorization_code\",\"code\":\""+code+"\",\"redirect_uri\":\"http://localhost/PatientMonitor/Patient\",\"client_id\":\"a8e71151-8fdf-41e6-8b22-d0799269de69\"}";

            var postStream = request.GetRequestStream();

            postStream = request.GetRequestStream();

            var bytes = Encoding.UTF8.GetBytes(reqBody);

            postStream.Write(bytes, 0, bytes.Length);

            postStream.Close();

            var response = (System.Net.HttpWebResponse)request.GetResponse();

            var reader = new System.IO.StreamReader(response.GetResponseStream());

            var jsonResponseString = reader.ReadToEnd();

            reader.Close();

            response.Close();

[Michele Mottini]

The body is wrong - you are sending JSON, it should be urlencoded instead

By the way, Epic has its own support e-mail list: op...@epic.com

  - Michele

  CareEvolution Inc

[Fhiruser]

I tried urlencode as below still getting 404. Could you please point out the error in the code or send a sample. Am i missing any parameters?

 public ActionResult Index(string code)

        {

            string url = "https://open-ic.epic.com/argonaut/oauth2/token HTTP/1.1";

            var request = (HttpWebRequest)WebRequest.Create(url);

            request.Method = "POST";

            request.Accept = "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8";

            request.ContentType = "application/x-www-form-urlencoded";

            string reqBody = "grant_type=authorization_code&code=" + code + "&redirect_uri=http://localhost/PatientMonitor/Patient&client_id=a8e71151-8fdf-41e6-8b22-d0799269de69";

            var postStream = request.GetRequestStream();

            postStream = request.GetRequestStream();

            var bytes = Encoding.UTF8.GetBytes(reqBody);

            postStream.Write(bytes, 0, bytes.Length);

            postStream.Close();           

            var response = (System.Net.HttpWebResponse)request.GetResponse();

            var reader = new System.IO.StreamReader(response.GetResponseStream());

            var jsonResponseString = reader.ReadToEnd();

            reader.Close();

            response.Close();

            return View();

        }

[Michele Mottini]

            string url = "https://open-ic.epic.com/argonaut/oauth2/token HTTP/1.1";

Wrong URL                                                                                           ^^^^^^^^^^

            request.Accept = "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8";

The response is JSON, not html or XML

 - Michele

  CareEvolution Inc

[Fhiruser]

Awesome, it worked - i got the token. I will continue further..

Thanks lot for the help. 

[Fhiruser]

Am able to get the patient data now.

In real world scenario, i will be trying to connect to EPIC from a WCF service, First its redirecting to MyChart and after login  there it will come back to my Application.

How can we avoid logging to MyChart every time because from a wcf service its awkward to get the login page.

[Fhiruser]

Let me explain my workflow :

I have a WCF service which will be deployed in the Hospital where Cerner also installed. My need is to fetch the patient information for the patientid given using this Wcf service methods.

Would there be individual urls for each hospital?

This kind of  a scenario how can we implement using the sandbox authorization? single sign on ?

[Alexpandiyan Chokkan]

Hi Michele,

How to get the token? Where we will get the token? I have tried as per your response and but didn't receive any token instead it redirects to MyChart page.

https://open-ic.epic.com/Argonaut/oauth2/authorize?response_type=code&client_id=81244c37-8010-49fb-89b2-7581ec3ea549&redirect_uri=https://localhost:8090/response&aud=https://open-ic.epic.com/Argonaut/api/FHIR/Argonaut/&scope=launch/patient,patient/*.read

The problem is it is logging out of mychart. 

Msg - 'You have been logged out of MyChart'

Also i have configured two redirect urls, but no use.

1. https://localhost:8090/response

2. http://localhost:8090/response

[Michele Mottini]

How to get the token? Where we will get the token? I have tried as per your response and but didn't receive any token instead it redirects to MyChart page.

That's the right behavior. You enter the user credentials  in the MyChart login page (fhirjason / epicepic1 for example in the Epic sandbox), then it redirects back to your app redirect URL with the authorization code in the URL - your app gets it from there and uses POST it to the token end point to get the token.

See http://hl7.org/fhir/smart-app-launch/#standalone-launch-sequence and https://tools.ietf.org/html/rfc6749#section-4.1 for the details

  - Michele

  CareEvolution Inc

[Rajshree Agrawal]

 I am using the correct then also getting invalid error.

https://open-ic.epic.com/argonaut/oauth2/authorize?response_type=code&client_id=b715bf1b-54ee-468f-ac81-b78984acc708&redirect_uri=https://1dbf3a4d.ngrok.io/docShares/epic&aud=https://open-ic.epic.com/argonaut/api/FHIR/Argonaut/&scope=launch/patient,patient/*.read