Stream: implementers
Topic: Authorization Oauth2.0
Tejvir Saggu (Aug 02 2021 at 21:49):
Hi All, Getting an invalid client on the authorization for a backend systems app. Have used the documentation in the following link to set it up. Also tried contacting EPIC support but no response back from them as well. Has anyone else seen this issue?
Link to the doc: https://fhir.epic.com/Documentation?docId=oauth2
Link to the backend section: https://fhir.epic.com/Documentation?docId=oauth2&section=BackendOAuth2Guide
Following is the Post request and the result we get.
POST https://fhir.epic.com/interconnect-fhir-oauth/oauth2/token HTTP/1.1
Content-Type: application/x-www-form-urlencoded
grant_type=client_credentials&client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer&client_assertion=eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzM4NCJ9.eyJpc3MiOiIxOTM5ZTEyMC0wYzAyLTQ5NzMtODA5MS1jZjYyMDY3MzFkYWYiLCJzdWIiOiIxOTM5ZTEyMC0wYzAyLTQ5NzMtODA5MS1jZjYyMDY3MzFkYWYiLCJhdWQiOiJodHRwczovL2ZoaXIuZXBpYy5jb20vaW50ZXJjb25uZWN0LWZoaXItb2F1dGgvb2F1dGgyL3Rva2VuIiwianRpIjoiYTQwODgxYWMtZGY0OS0xMWViLWJkMzQtOTgwMWE3OWRiZDYzIiwiZXhwIjoxNjI1NjkzOTk0LCJuYmYiOjE2MjU2OTM2OTQsImlhdCI6MTYyNTY5MzY5NH0.xwJyqsDFZTS-T79UjeGtqagNmSnimusoLnjwIZmc12qB1DTNa3CvDWh2RBgDZ8ubGSvpp1-xJJ5tGRkiulc0dBGox1tS6M6yz9m9WhYqFt9PAGwK5Syn4jHorpS4hAdOdVq5RjML8cRS4QOvd-DEtETq6j5fMbQI6bfhTFfzzfcTZot5NrQClgNYvT8zS3Fz0EKiz6qfGbMIIx5BZBIXLqBzVVkBnIyBNcc63Tpi3iZc6cHr4fv5Fn9zpRaeXRTsqZzU4VMgq2-AHSqanymEAZ4giD8wzJ7bSyPmpGAkD9lURxG2HQ9572O9gdmwH8h3i-JF-g63jOLAJwwkza-Z1w
<Response [400]>
{'error': 'invalid_client', 'error_description': None}
Any suggestions or help appreciated.
Thanks
Michele Mottini (Aug 02 2021 at 21:51):
That token expired on July 7th
Tejvir Saggu (Aug 02 2021 at 22:04):
Yeah, so this error message is from the old one.
I can share the new one as below:
POST https://fhir.epic.com/interconnect-fhir-oauth/oauth2/token HTTP/1.1
Content-Type: application/x-www-form-urlencoded
grant_type=client_credentials&client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer&client_assertion=eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzM4NCJ9.eyJpc3MiOiIxOTM5ZTEyMC0wYzAyLTQ5NzMtODA5MS1jZjYyMDY3MzFkYWYiLCJzdWIiOiIxOTM5ZTEyMC0wYzAyLTQ5NzMtODA5MS1jZjYyMDY3MzFkYWYiLCJhdWQiOiJodHRwczovL2ZoaXIuZXBpYy5jb20vaW50ZXJjb25uZWN0LWZoaXItb2F1dGgvb2F1dGgyL3Rva2VuIiwianRpIjoiNzE1ZDVkZjItZjNkYy0xMWViLThhYzUtOTgwMWE3OWRiZDYzIiwiZXhwIjoxNjI3OTU2MDY4LCJuYmYiOjE2Mjc5NTU3NjgsImlhdCI6MTYyNzk1NTc2OH0.BRQgbl7NKH71ZiHOkbRL7cXZV0wgfTbT8Ds6_CMnUnIgbWHe_nxXgksAKut9wi1DMrv-rlb6n-5o-OjCXuzidVnfO5plqM88J79yXz-H2Lw4okcinillG_MkJuO21cWvayoes-bH4eAa-zYaRMY4v72uvYaC6Hm2v-54jWDYcztoDTuKn_MROoMYN7vHbmiVV7b3ZmU_Re8WFCEJPqweoCtNFBVH71aD9aBHPCIOJ-PiIzKu-s38fF7daoxRXqQYDB-Kz7ZWE6GJVSY_QUZ7ho12qppFMAi0_nwjwAb_N3KM9Z1S_3O27YdWQDC4WgtyObCpp3qf_agZ-ZZ3KcQ4pw
<Response [400]>
{'error': 'invalid_client', 'error_description': None}
Michele Mottini (Aug 02 2021 at 22:08):
I see. That can be the client is not registered, or using the wrong certificate to sign the JWT - hard to say
John Whiteside (Aug 02 2021 at 22:16):
Hi Michele, I'm a colleague of Tejvir. Thank you for your help; both the client is registered, and the public/private key pair in use was created using OpenSSL, with no errors
Michele Mottini (Aug 02 2021 at 22:28):
Does that JWT validate at https://jwt.io/ using the public key?
Jun Ding (Aug 27 2021 at 17:25):
Tejvir Saggu said:
Hi All, Getting an invalid client on the authorization for a backend systems app. Have used the documentation in the following link to set it up. Also tried contacting EPIC support but no response back from them as well. Has anyone else seen this issue?
Link to the doc: https://fhir.epic.com/Documentation?docId=oauth2
Link to the backend section: https://fhir.epic.com/Documentation?docId=oauth2&section=BackendOAuth2Guide
Following is the Post request and the result we get.
POST https://fhir.epic.com/interconnect-fhir-oauth/oauth2/token HTTP/1.1
Content-Type: application/x-www-form-urlencoded
grant_type=client_credentials&client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer&client_assertion=eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzM4NCJ9.eyJpc3MiOiIxOTM5ZTEyMC0wYzAyLTQ5NzMtODA5MS1jZjYyMDY3MzFkYWYiLCJzdWIiOiIxOTM5ZTEyMC0wYzAyLTQ5NzMtODA5MS1jZjYyMDY3MzFkYWYiLCJhdWQiOiJodHRwczovL2ZoaXIuZXBpYy5jb20vaW50ZXJjb25uZWN0LWZoaXItb2F1dGgvb2F1dGgyL3Rva2VuIiwianRpIjoiYTQwODgxYWMtZGY0OS0xMWViLWJkMzQtOTgwMWE3OWRiZDYzIiwiZXhwIjoxNjI1NjkzOTk0LCJuYmYiOjE2MjU2OTM2OTQsImlhdCI6MTYyNTY5MzY5NH0.xwJyqsDFZTS-T79UjeGtqagNmSnimusoLnjwIZmc12qB1DTNa3CvDWh2RBgDZ8ubGSvpp1-xJJ5tGRkiulc0dBGox1tS6M6yz9m9WhYqFt9PAGwK5Syn4jHorpS4hAdOdVq5RjML8cRS4QOvd-DEtETq6j5fMbQI6bfhTFfzzfcTZot5NrQClgNYvT8zS3Fz0EKiz6qfGbMIIx5BZBIXLqBzVVkBnIyBNcc63Tpi3iZc6cHr4fv5Fn9zpRaeXRTsqZzU4VMgq2-AHSqanymEAZ4giD8wzJ7bSyPmpGAkD9lURxG2HQ9572O9gdmwH8h3i-JF-g63jOLAJwwkza-Z1w
<Response [400]>
{'error': 'invalid_client', 'error_description': None}
Any suggestions or help appreciated.
Thanks
Hi Tejvir,
Did you ever get around this invalid_client error? I'm getting the same error. Thanks.
Jun
Daniel Venton (Aug 27 2021 at 17:57):
You probably need to talk to Epic, the people that are rejecting your credentials. Only they will be able to tell you why.
Cooper Thompson (Aug 27 2021 at 19:00):
That JWT looks like it was valid for back in early July. If you can send info about a more recent request (including the JWT) to open@epic.com, we can take a look.
Ugesh (Oct 14 2021 at 10:07):
Hi All, Did anyone find a workaround for the Epic FHIR OAuth invalid_client issue?
{
"error": "invalid_client",
"error_description": null
}
Lloyd McKenzie (Oct 14 2021 at 12:19):
Have you reached out to open@epic.com?
Chandu (Jan 13 2022 at 15:15):
Hi All, Did anyone find a workaround for this invalid_client issue? I am also getting the same.
Cooper Thompson (Jan 13 2022 at 16:54):
We now have a troubleshooting guide that covers a lot of the reasons you can run into invalid_client.
Josh Mandel (Jan 19 2022 at 17:19):
@Cooper Thompson the link above is (now?) broken -- has the troubleshooting guide moved away from https://fhir.epic.com/Documentation?docId=troubleshooting_eof?
Cooper Thompson (Jan 19 2022 at 18:44):
You need to log in with your Epic on FHIR account to see it. I'm already looking into whether we can make that available pre-login.
Last updated: Apr 12 2022 at 19:14 UTC