Getting OAuth2 Error Epic EHR launch
1,509 views
Skip to first unread message
Pedram Hosseini
Aug 15, 2023, 3:15:20 PM8/15/23
to SMART on FHIR
Hi, I'm following the EHR Launch (SMART on FHIR) steps to complete one sample authorization process from my Python web app. Here's the situation:
The error I get is: OAuth2 Error, and it does not give me any more detail. What's wrong?
- I launch the EHR app using the Try it button here (first question: can I do this launch directly myself from my app?). From the list, I chose the app I created. For that app I have the clinet_id and the non-production client_id from Epic.
- I specified the "http://0.0.0.0:8100/receive_data" which is a local address as the "launch URL to receive the request to your app"
- Once I launch the app, it does call the endpoint on my local machine so looks like this part is working and the app is actually launched.
- I receive the launch and iss successfully:
- launch: it's a token string
- iss: 'https://fhir.epic.com/interconnect-fhir-oauth/api/FHIR/R4'
- I also made a call and successfully received the Conformance Statement or SMART Configuration which includes the authorization_endpoint:
- authorization_endpoint: 'https://fhir.epic.com/interconnect-fhir-oauth/oauth2/authorize'
- "response_type": "code"
- "client_id": 'my_non_production_client_id'
- "redirect_uri": "http://0.0.0.0:8100/authorize_user"
- "scope": "launch"
- "launch": 'the_launch_token_from_previous_step'
- "aud": 'https://fhir.epic.com/interconnect-fhir-oauth/api/FHIR/R4'
- "state": "abc123"
The error I get is: OAuth2 Error, and it does not give me any more detail. What's wrong?
What I'm trying to do? I just simply want to authorize one of the sample users that Epic has provided for testing, through MyChart and show their MyChart profile in my Python app and make some FHIR calls for that user.
Sean Nolan
Aug 16, 2023, 3:16:59 AM8/16/23
to SMART on FHIR
The Epic sandbox is notorious for configuration update delays --- folks often find that their "oauth2 errors" have been magically fixed by waiting awhile (sometimes even a day or two, seriously). May or many not be your issue, but worth checking it again over the next couple of days. (Also probably not your issue this time, but you're sure to run into browser security problems down the road running your app as http vs https.) You could also try your client id with a "known working" sample app like mine at https://shutdownhook.com/2021/05/14/smart-part-2-a-real-app-in-less-than-100-lines/ and sniff those network connections to look for discrepancies with your code. Good luck! ---S
Heshan Wanigasooriya
Aug 17, 2023, 5:38:33 AM8/17/23
to SMART on FHIR
I recently created a sandbox environment using OAuth 2.0 at https://epic-sandbox.vercel.app/. The code can be found here: https://github.com/heshanlk/epic-sandbox. You can try running it locally and step through the authorization steps to understand what you are doing differently on your end.
Pedram Hosseini
Aug 17, 2023, 6:42:46 PM8/17/23
to SMART on FHIR
@Heshan: neat project, it's helpful, thanks for sharing. One question, I could start your code on my local machine but I'm getting the following error when I hit the Sign in with Epic MyChart button (screenshot attached).
Just to double check one thing: where exactly should I put the .env file? And what's its format? May you provide an example?
Reason I'm asking is that I'm guessing there's an issue with the credentials (client ID and client secret), either the code can't find the EPIC_MYCHART_CLIENT_ID and EPIC_MYCHART_CLIENT_SECRET or there's an issue with the actual client ID and client secret values (I'm using the non-production client ID). I'm getting the very error on my app too
Heshan Wanigasooriya
Aug 18, 2023, 8:35:04 AM8/18/23
to SMART on FHIR
Added env.example to the repo also updated steps.
Pedram Hosseini
Aug 23, 2023, 12:46:30 PM8/23/23
to SMART on FHIR
@Heshan, thanks for the env example. Looks like the code can now find the client ID from the env file, but I still get the "An error has occurred. The request is invalid." after hitting the login with MyChart. Do you think there's an issue with recognizing my client ID? I'm honestly pretty confused and don't know what the problem is! The non-production client id is the only thing I can think of. Is there anything critical in my app setting page on Epic that could cause such an error?
Ashok Sharma
Mar 17, 2024, 8:41:55 AM3/17/24
to SMART on FHIR
I am getting the same issue now. It was working fine until last week. No change in code or the FHIR-EPIC app setup. All of sudden started getting this message. Has anyone has any idea how to troubleshoot and fix this issue?
Thanks in advance for the help
Ashok
sibin c sebastian
May 10, 2024, 5:07:34 AM5/10/24
to SMART on FHIR
Hey im facing the same issue? any solutions yet?
Jose Arzac
Aug 21, 2024, 4:31:34 PM8/21/24
to SMART on FHIR
Our app does authorization against multiple providers, depending on the user.
Recently we noticed that our users were getting the same error when trying to get authorization against one provider only. I looked into it, and I noticed that this provider was setting up 2FA automatically for all their new users.
So I disabled 2FA for my test account, logged out and refreshed the browser. Then the authorization process started working fine. And, if I enable 2FA, it starts failing again. It also helps if I uncheck the box that says "Skip this step next time" when I enter the 2FA code.
Unfortunately this workaround doesn't work for some other users. We haven't been able to determine what is the ultimate solution.
I hope this helps others trying to find the root cause of the problem.
Recently we noticed that our users were getting the same error when trying to get authorization against one provider only. I looked into it, and I noticed that this provider was setting up 2FA automatically for all their new users.
So I disabled 2FA for my test account, logged out and refreshed the browser. Then the authorization process started working fine. And, if I enable 2FA, it starts failing again. It also helps if I uncheck the box that says "Skip this step next time" when I enter the 2FA code.
Unfortunately this workaround doesn't work for some other users. We haven't been able to determine what is the ultimate solution.
I hope this helps others trying to find the root cause of the problem.
Justin Gaines
Mar 29, 2025, 3:44:22 PMMar 29
to SMART on FHIR
Just tried to set up my own app using @Heshan's example. Same error on my end. I'll email Epic an see if they can weigh in on how to troubleshoot this.
Justin Gaines
Mar 29, 2025, 6:04:13 PMMar 29
to SMART on FHIR
@Heshan, are you able to list which patient resources you listed? Great repo by the way! I had a typo in my NEXTAUTH variable, now corrected. Now I am able to access the login screen and log in, but I am getting a 500 server error after login.
Oops!
Oops!
Sorry. Your request could not be carried out because of an error.
Please log out and sign in again.
/mychart-fhir/Authentication/OAuth/Authorize?liteMode=true&forceAuthn=true:1
GET https://fhir.epic.com/mychart-fhir/Authentication/OAuth/Authorize?liteMode=true&forceAuthn=true 500 (Internal Server Error)
Justin Gaines
Mar 29, 2025, 7:33:39 PMMar 29
to SMART on FHIR
Also, any idea on what the LAUNCH variables are?
EPIC_MYCHART_CLIENT_ID= <== got from my app page on open.epic
EPIC_MYCHART_CLIENT_SECRET= <== got from my app page on open.epic
NEXTAUTH_SECRET= <==made a random string
NEXTAUTH_URL='http://localhost:3000/' <==switched this to the url of my app
EPIC_MYCHART_CLIENT_ID_LAUNCH=
EPIC_MYCHART_CLIENT_SECRET_LAUNCH=
EPIC_MYCHART_CLIENT_ID= <== got from my app page on open.epic
EPIC_MYCHART_CLIENT_SECRET= <== got from my app page on open.epic
NEXTAUTH_SECRET= <==made a random string
NEXTAUTH_URL='http://localhost:3000/' <==switched this to the url of my app
EPIC_MYCHART_CLIENT_ID_LAUNCH=
EPIC_MYCHART_CLIENT_SECRET_LAUNCH=
Reply all
Reply to author
Forward
0 new messages