Authorization error in exchanging code for the access token (App using Django framework)


Yanzhao Wu

Mar 30, 2016, 1:20:52 AM
to SMART on FHIR
We have tried many times to exchange for an access token with the code parameter provided in the URL according to the document but our app still failed on step #3.

It seems that the code provided in the URL is not authenticated by the gallery server correctly. When we send the POST, the server just returned a JSON with "no authorization code found for value..." and we cannot get the access token to continue.

I wonder how to use the code parameter properly: should we decode it (and in what way?) or just send the original one?
And are there any other requirements for the authorization process (like the whole process having to be finished in one continuous session)?


We are using the Django framework with Python 2.7, and some useful information is as follows:


The data and headers contained in the request are defined as (Python dict, confidential app):

import base64
import urllib

exchange_data = {
    'code': auth_code,  # the code taken from the redirect URL, sent as received
    'redirect_uri': CLINICAL['redirect_uri'],
    'grant_type': 'authorization_code'
}
headers = {
    "Content-Type": 'application/x-www-form-urlencoded',
    # Content-Length is the byte length of the form-encoded body,
    # not len() of the dict (which would be 3)
    "Content-Length": str(len(urllib.urlencode(exchange_data))),
    'Authorization': 'Basic ' + base64.b64encode(CLINICAL['client_id'] + ":" + CLINICAL['CLINIC_SECRET'])
}

And this is the URL provided by the gallery server with code and state:

[24/Mar/2016 07:30:17] "GET /clinic_recv_redirect/?code=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJjb250ZXh0Ijp7InBhdGllbnQiOiJoY2EtcGF0LTY3IiwibmVlZF9wYXRpZW50X2Jhbm5lciI6dHJ1ZSwic21hcnRfc3R5bGVfdXJsIjoiaHR0cHM6Ly9nYWxsZXJ5LXN0eWxlcy5zbWFydGhlYWx0aGl0Lm9yZy9zdHlsZXMvdjEuMi4xMiJ9LCJjbGllbnRfaWQiOiIxOWZkZDg0Ni1iMTAyLTQ1MGItOWNlMi05OTA4MDk5ZjQ2MDEiLCJzY29wZSI6ImxhdW5jaCBsYXVuY2gvcGF0aWVudCBsYXVuY2gvZW5jb3VudGVyIHBhdGllbnQvKi5yZWFkIHVzZXIvKi4qIG9wZW5pZCBwcm9maWxlIiwiaWF0IjoxNDU4ODA0NDQxLCJleHAiOjE0NTg4MDQ3NDF9.3shJeYK2DwiS-pRdS6krxU_Km-uBJwbEvx1WVy7sDYI&state=d85716cd-b672-03e7-ea90-8198b126eedb HTTP/1.1" 500 73469

This is the JSON returned:

{u'error_description': u'JpaAuthorizationCodeRepository: no authorization code found for valueeyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJjb250ZXh0Ijp7InBhdGllbnQiOiJoY2EtcGF0LTY3IiwibmVlZF9wYXRpZW50X2Jhbm5lciI6dHJ1ZSwic21hcnRfc3R5bGVfdXJsIjoiaHR0cHM6Ly9nYWxsZXJ5LXN0eWxlcy5zbWFydGhlYWx0aGl0Lm9yZy9zdHlsZXMvdjEuMi4xMiJ9LCJjbGllbnRfaWQiOiIxOWZkZDg0Ni1iMTAyLTQ1MGItOWNlMi05OTA4MDk5ZjQ2MDEiLCJzY29wZSI6ImxhdW5jaCBsYXVuY2gvcGF0aWVudCBsYXVuY2gvZW5jb3VudGVyIHBhdGllbnQvKi5yZWFkIHVzZXIvKi4qIG9wZW5pZCBwcm9maWxlIiwiaWF0IjoxNDU4ODA0NDQxLCJleHAiOjE0NTg4MDQ3NDF9.3shJeYK2DwiS-pRdS6krxU_Km-uBJwbEvx1WVy7sDYI', u'error': u'invalid_grant'}

Error message (function get_access_token is designed to acquire the access token):

Internal Server Error: /clinic_recv_redirect/
Traceback (most recent call last):
  File "/home/deployer/diagnosticOR/diagnosticOR/local/lib/python2.7/site-packages/django/core/handlers/base.py", line 149, in get_response
    response = self.process_exception_by_middleware(e, request)
  File "/home/deployer/diagnosticOR/diagnosticOR/local/lib/python2.7/site-packages/django/core/handlers/base.py", line 147, in get_response
    response = wrapped_callback(request, *callback_args, **callback_kwargs)
  File "/home/deployer/diagnosticOR/diagnosticOR1/diagnostic_order/order/views.py", line 202, in recv_code
    access_token = get_access_token(code)
  File "/home/deployer/diagnosticOR/diagnosticOR1/diagnostic_order/order/views.py", line 195, in get_access_token
    return resp.json()['access_token']
KeyError: 'access_token'

Pascal Pfiffner

Mar 30, 2016, 3:38:10 AM
to SMART on FHIR
Hi Yanzhao

The error you're getting is "invalid_grant". What are the actual values that you're sending when exchanging the code?

Also, note that we have a Python client that handles auth for you: https://github.com/smart-on-fhir/client-py/

Pascal

Josh Mandel

Mar 30, 2016, 9:08:43 AM
to Yanzhao Wu, SMART on FHIR

Could you also list the URLs of the authorization + token endpoints you are connecting to? Are you following our discovery protocol to learn these URLs from the API server's FHIR conformance statement, or hard coding them?

At a glance, it looks like you may be getting a code from the authorization endpoint of our gallery, and submitting that code to the token endpoint of our sandbox (they're two different SMART deployments, so a code from the gallery won't buy you a token in the sandbox).
