Client Test 7: Need help troubleshooting

Joseph Shook

Mar 1, 2023, 3:27:04 PM
to UDAP

While I believe I have the technical parts worked out, as I have been passing the server test, 18.  I am stuck on the client test, 3.

 

Here is the test 7 report: UDAP Test Tool

GET /authorize?
                response_type=code
                state=iVsjS4Gs_cXlAg7mLuuUc7Sm6JrH25yqE1qyeDqzd-0
                client_id=322b9acd-e7ed-4a7e-bcf2-6587b96d8fee
                scope=openid
                redirect_uri=https://fhirlabs-udaped-v46zp6zteq-uw.a.run.app/udapBusinessToBusiness
                aud=https://test.udap.org/fhir/r4/stage
Host:  https://test.udap.org/oauth/stage/authz

Results in:

https://test.udap.org/oauth/stage/login?client_id=322b9acd-e7ed-4a7e-bcf2-6587b96d8fee&response_type=code&state=iVsjS4Gs_cXlAg7mLuuUc7Sm6JrH25yqE1qyeDqzd-0&scope=openid&redirect_uri=https://fhirlabs-udaped-v46zp6zteq-uw.a.run.app/udapBusinessToBusiness&aud=https://test.udap.org/fhir/r4/stage

 

Following this redirect always results in:

Luis Maas

Mar 1, 2023, 6:36:24 PM
to UDAP
Hi Joe,
The authz endpoint returns a 302 redirect to the /login page (without any query parameters) and also includes a cookie in this response.
When accessed correctly, the login page provides a sign in form for the user.
It sounds like your client is incorrectly appending the original query params to the URL returned in the authz 302 response and may also be dropping the cookie that is needed to access the form.
Also, normally this redirection is handled by a browser, i.e. the authz page is opened in a conventional browser and the app picks up control again via the app's redirect URI, so that might be something to try.
Luis
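
The redirect handling described in the reply above, as an added example that is not part of the original thread or of the UDAP test tool. The mock server, its `/authz` and `/login` paths, the `SESSION` cookie name, and the rule that `/login` rejects a query string are all constructed assumptions so the client logic can run offline.

```python
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlencode, urljoin, urlsplit

class MockAuthz(BaseHTTPRequestHandler):
    """Constructed stand-in, not the UDAP test tool; the /login checks are assumptions."""
    def do_GET(self):
        url = urlsplit(self.path)
        cookie = self.headers.get("Cookie", "")
        if url.path == "/authz":  # 302 to a bare /login plus a (made-up) session cookie
            self._send(302, {"Location": "/login", "Set-Cookie": "SESSION=abc123; Path=/"})
        elif url.path == "/login" and not url.query and "SESSION=abc123" in cookie:
            self._send(200, {}, b"sign-in form")
        else:
            self._send(400, {}, b"missing session cookie or unexpected query string")
    def _send(self, status, headers, body=b""):
        self.send_response(status)
        for name, value in {**headers, "Content-Length": str(len(body))}.items():
            self.send_header(name, value)
        self.end_headers()
        self.wfile.write(body)

def start_mock():
    server = HTTPServer(("127.0.0.1", 0), MockAuthz)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, f"http://127.0.0.1:{server.server_port}"

class NoAutoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, *args, **kwargs):
        return None  # surface the 302 so the Location handling below is explicit

def fetch_login(base, params, keep_cookies=True, reappend_params=False):
    """Request /authz, follow its 302 by hand, and return the status of the next page."""
    # The cookie processor carries Set-Cookie from the 302 into the follow-up request.
    cookie_handlers = [urllib.request.HTTPCookieProcessor()] if keep_cookies else []
    opener = urllib.request.build_opener(NoAutoRedirect(), *cookie_handlers)
    authz_url = f"{base}/authz?{urlencode(params)}"
    try:
        return opener.open(authz_url).status  # no redirect was issued
    except urllib.error.HTTPError as resp:
        if resp.code != 302:
            return resp.code
        target = urljoin(authz_url, resp.headers["Location"])  # Location exactly as sent
    if reappend_params:  # the client bug discussed in the thread
        target += "?" + urlencode(params)
    try:
        return opener.open(target).status
    except urllib.error.HTTPError as err:
        return err.code
```

Against the mock, `fetch_login(base, params)` reaches the sign-in form, while dropping the cookie or re-appending the original parameters does not.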

Joseph Shook

Mar 1, 2023, 6:59:13 PM
to UDAP
For sure dropping the cookie.  I added the params.  

My server sets all the params in the redirect url.  So my assumptions misled me.  

Thanks, the cookie makes sense.  

Joseph Shook

Mar 3, 2023, 4:30:43 AM
to UDAP
Tonight I am getting a 500 error at https://test.udap.org/oauth/stage/login as I test the authorization_code flow.  The DHTGSESSID cookie in the request headers.  Seems like a test server error.  

I say this because I can successfully request an authorization code from https://stage.healthtogo.me:8181/fhir/r4/stage.

Joe

Luis Maas

Mar 3, 2023, 12:38:49 PM
to UDAP
Hi Joe,
It looks like your client's initial authz request to the test tool server includes the "udap" scope used to invoke Tiered OAuth but is omitting the required idp parameter, which is not a valid request.
The public test tool doesn't currently support testing of Tiered OAuth, so try replacing that scope in your request with a different scope like openid or user/Patient.*
Luis

Joseph Shook

Mar 3, 2023, 1:46:24 PM
to UDAP

Luis, that was helpful.  Thank you.
My tooling wasn't supposed to include that.  But I also did not realize the connection of udap scope to Tiered OAuth.  Not quite to Tiered OAuth and started using the udap scope out of coincidence.

Joe