Getting OAuth2 Error Epic EHR launch

[Pedram Hosseini]

Hi, I'm following the EHR Launch (SMART on FHIR) steps to complete one sample authorization process from my Python web app. Here's the situation:

• I launch the EHR app using the Try it button here (first question: can I do this launch directly myself from my app?). From the list, I chose the app I created. For that app I have the clinet_id and the non-production client_id from Epic.
• I specified the "http://0.0.0.0:8100/receive_data" which is a local address as the "launch URL to receive the request to your app"
• Once I launch the app, it does call the endpoint on my local machine so looks like this part is working and the app is actually launched.
• I receive the launch and iss successfully:
  • launch: it's a token string
  • iss: 'https://fhir.epic.com/interconnect-fhir-oauth/api/FHIR/R4'
• I also made a call and successfully received the Conformance Statement or SMART Configuration which includes the authorization_endpoint:
  • authorization_endpoint: 'https://fhir.epic.com/interconnect-fhir-oauth/oauth2/authorize'

Now I need to get the Authorization Code and this is where I'm facing the error. Here's the GET request I'm sending to the authorization_endpoint with the following parameters:

• "response_type": "code"
• "client_id": 'my_non_production_client_id'
• "redirect_uri": "http://0.0.0.0:8100/authorize_user"
• "scope": "launch"
• "launch": 'the_launch_token_from_previous_step'
• "aud": 'https://fhir.epic.com/interconnect-fhir-oauth/api/FHIR/R4'
• "state": "abc123"

The error I get is: OAuth2 Error, and it does not give me any more detail. What's wrong?

What I'm trying to do? I just simply want to authorize one of the sample users that Epic has provided for testing, through MyChart and show their MyChart profile in my Python app and make some FHIR calls for that user.

[Sean Nolan]

The Epic sandbox is notorious for configuration update delays --- folks often find that their "oauth2 errors" have been magically fixed by waiting awhile (sometimes even a day or two, seriously). May or many not be your issue, but worth checking it again over the next couple of days. (Also probably not your issue this time, but you're sure to run into browser security problems down the road running your app as http vs https.) You could also try your client id with a "known working" sample app like mine at https://shutdownhook.com/2021/05/14/smart-part-2-a-real-app-in-less-than-100-lines/ and sniff those network connections to look for discrepancies with your code. Good luck! ---S

[Heshan Wanigasooriya]

I recently created a sandbox environment using OAuth 2.0 at https://epic-sandbox.vercel.app/. The code can be found here: https://github.com/heshanlk/epic-sandbox. You can try running it locally and step through the authorization steps to understand what you are doing differently on your end.

[Pedram Hosseini]

@Heshan: neat project, it's helpful, thanks for sharing. One question, I could start your code on my local machine but I'm getting the following error when I hit the Sign in with Epic MyChart button (screenshot attached). 

Just to double check one thing: where exactly should I put the .env file? And what's its format? May you provide an example?

Reason I'm asking is that I'm guessing there's an issue with the credentials (client ID and client secret), either the code can't find the EPIC_MYCHART_CLIENT_ID and EPIC_MYCHART_CLIENT_SECRET or there's an issue with the actual client ID and client secret values (I'm using the non-production client ID). I'm getting the very error on my app too

[Heshan Wanigasooriya]

Added env.example to the repo also updated steps.

[Pedram Hosseini]

@Heshan, thanks for the env example. Looks like the code can now find the client ID from the env file, but I still get the "An error has occurred. The request is invalid." after hitting the login with MyChart. Do you think there's an issue with recognizing my client ID? I'm honestly pretty confused and don't know what the problem is! The non-production client id is the only thing I can think of. Is there anything critical in my app setting page on Epic that could cause such an error?

[Ashok Sharma]

I am getting the same issue now. It was working fine until last week. No change in code or the FHIR-EPIC app setup. All of sudden started getting this message. Has anyone has any idea how to troubleshoot and fix this issue?

Thanks in advance for the help

Ashok

[sibin c sebastian]

Hey im facing the same issue? any solutions yet?