Stream: CARIN IG for Blue Button®
Topic: 11/18-19 CARIN Connectathon - Cigna server
Michele Mottini (Nov 18 2020 at 15:52):
Cannot connect because getting the conformance fails with a 401 unauthorized error (https://p-hi2.digitaledge.cigna.com/ConsumerAccess/v1-devportal/metadata)
Jason Teeple (Nov 18 2020 at 15:54):
Can you try requesting with a username & password? In the meantime, will take a look at my end to see why capabilitystatement isn't open
Michele Mottini (Nov 18 2020 at 15:55):
I can work around it hard-wiring the OAuth2 URL (so that our client does not need to read the capability statement to start the sequence)
Michele Mottini (Nov 18 2020 at 16:00):
...but then I hit another problem: after I login and authorize sharing the app gets an auth error: the authorization server redirects back to https://myfhr.careevolution.dev/cfhrprovideraccounts/redirectcallback?error=access_denied&error_description=FBTOAU218E%20The%20user%20supplied%20an%20invalid%20state.&state=oauth-redirect%7CMyFHR-QA%7Ca0407c44105742199888a205e375f6e9
Jason Teeple (Nov 18 2020 at 16:03):
Interesting. what user did you use?
Jason Teeple (Nov 18 2020 at 16:05):
Looked into the capabilityStatement, need a token to hit it. Our team is working on a fix. Probably won't be ready before end of the event.
Michele Mottini (Nov 18 2020 at 16:05):
Logged in as syntheticuser01
Jason Teeple (Nov 18 2020 at 16:07):
Looking into the issue
Jason Teeple (Nov 18 2020 at 16:23):
Looks like the issue is with the state being passed.
Michele Mottini (Nov 18 2020 at 16:49):
What's the problem with it?
Jason Teeple (Nov 18 2020 at 17:01):
We are looking on our side. What did you pass so we can confirm?
Jason Teeple (Nov 18 2020 at 17:04):
@Ian King Here is the PDF: Cigna-Developer-Sandbox.pdf
Michele Mottini (Nov 18 2020 at 17:06):
State passed: oauth-redirect|MyFHR-QA|6af70be2990443a899649a4cd0304fd9
Jason Teeple (Nov 18 2020 at 17:14):
Michele Mottini said:
State passed:
oauth-redirect|MyFHR-QA|6af70be2990443a899649a4cd0304fd9
We are not seeing any issues with the value itself.
Just to confirm, you can login with sythenticuser01; give authorization to share data with CE's app; then when redirecting, there is an error. Is this correct?
Michele Mottini (Nov 18 2020 at 17:14):
Yes, that is what happen
Jason Teeple (Nov 18 2020 at 17:16):
We are replaying the calls on our side to see what is happening.
Jason Teeple (Nov 18 2020 at 17:28):
Jason Teeple said:
Ian King Here is the PDF: Cigna-Developer-Sandbox.pdf
Check your Private Messages - need confirmation from your team.
Jason Teeple (Nov 18 2020 at 17:29):
@Michele Mottini
can you pass nonce? We are validating for nonce as part of the consent post back.
Michele Mottini (Nov 18 2020 at 17:34):
Mhh, no? Don't think that is required by the specs
Jason Teeple (Nov 18 2020 at 17:40):
I have asked our team to stop validating. Will take about 15 mins for the change.
Jason Teeple (Nov 18 2020 at 17:47):
@Michele Mottini can you retry?
Michele Mottini (Nov 18 2020 at 17:48):
Yep, authentication worked, thanks!
Michele Mottini (Nov 18 2020 at 17:49):
...but cannot get data because we are still trying to get the capability statement without authorization
Jason Teeple (Nov 18 2020 at 17:51):
ah, that one we may not be able to solve today
Jason Teeple (Nov 18 2020 at 18:50):
Working on a fix now. will let you know when it is good to go.
Jason Teeple (Nov 18 2020 at 19:36):
@Michele Mottini we fixed the capStatement, but it may not matter. We do not have the auth endpoints in there.
https://r-hi2.cigna.com/mga/sps/oauth/oauth20/token
https://r-hi2.cigna.com/mga/sps/oauth/oauth20/authorize
Michele Mottini (Nov 18 2020 at 19:46):
Thaks @Jason Teeple - I can work around that hard coding the auth end points, but I get a 404 now trying to get the cap statement
Michele Mottini (Nov 18 2020 at 19:46):
{
"issue": [
{
"code": "processing",
"diagnostics": "Cache miss: cap_statement:ConsumerAccess",
"severity": "error"
}
],
"resourceType": "OperationOutcome"
}
Jason Teeple (Nov 18 2020 at 20:07):
should be good now, needed to clean up some cache
Jason Teeple (Nov 18 2020 at 20:40):
We added the endpoints to our capStatement - would appreciate feedback
Michele Mottini (Nov 18 2020 at 20:51):
Thanks, I'll test again in a little bit
Michele Mottini (Nov 18 2020 at 21:08):
@Jason Teeple : tested again: endpoints in the capability statement worked ok, login works ok but getting the data still fails - some issue with the capability statement, looking into it
Michele Mottini (Nov 18 2020 at 21:11):
Oh yes - the rest element (an array) should contain a single element describing the server, not two
Jason Teeple (Nov 18 2020 at 21:37):
We made an update
James Kizer (Nov 18 2020 at 21:53):
Hi Jason, just tried testing again, getting the following error:
{"type":2,"code":2001,"error":"invalid_client","errorDescription":"FBTOAU204E An invalid secret was provided for the client with identifier: [{0}].","errorUri":""}
Any idea what might be causing that?
Michele Mottini (Nov 18 2020 at 21:56):
No, capability statement appears to be bad: Type checking the data: Encountered unknown element 'mode' at location 'Resource.rest[0].security[0].mode[0]' while parsing
Jason Teeple (Nov 18 2020 at 21:57):
We are in the process of fixing the issue. We noticed that we have the mode, security, and resource at the wrong levels.
Michele Mottini (Nov 18 2020 at 21:59):
OK, thanks Jason, let me know when you want me to test again
Jason Teeple (Nov 18 2020 at 22:02):
James Kizer said:
Hi Jason, just tried testing again, getting the following error:
{"type":2,"code":2001,"error":"invalid_client","errorDescription":"FBTOAU204E An invalid secret was provided for the client with identifier: [{0}].","errorUri":""}
Any idea what might be causing that?
Did your auth client change?
James Kizer (Nov 18 2020 at 22:14):
@Jason Teeple No, still the same as what you sent earlier today
Jason Teeple (Nov 18 2020 at 22:20):
hmmm...
Let me see if we can find an issue on our side
Jason Teeple (Nov 18 2020 at 22:30):
Try getting a refresh token.
Edited: Don't get a refresh token.
Issue was on our side. Should be fixed now.
James Kizer (Nov 19 2020 at 00:29):
Thanks @Jason Teeple That seemed to work, but now we're getting a 502 error from the server when requesting the patient resource via https://p-hi2.digitaledge.cigna.com/ConsumerAccess/v1-devportal/Patient/A00000000000005
Jason Teeple (Nov 19 2020 at 10:53):
@James Kizer We ran into an issue with our gateway, We are hoping it will be back up later this morning.
Jason Teeple (Nov 19 2020 at 14:20):
We have resolved our 502 error. Should be good to go now.
Michele Mottini (Nov 19 2020 at 17:02):
Connected successfully and got data, here is on our app:
Michele Mottini (Nov 19 2020 at 17:17):
@Jason Teeple : there is a mismatch in the ids though:
Jason Teeple (Nov 19 2020 at 17:29):
We add a slug when there are multiple backend FHIR servers
Jason Teeple (Nov 19 2020 at 17:30):
Is the slug causing validation issues on your side?
Michele Mottini (Nov 19 2020 at 17:40):
It is not valid FHIR...
Michele Mottini (Nov 19 2020 at 17:41):
(and causes our client to read all the encounters twice, because we cache them but they cannot be found under their ids)
Jason Teeple (Nov 19 2020 at 17:47):
Let me take a look.
Jason Teeple (Nov 19 2020 at 17:57):
I will have to work with the team and see how they can resolve. Thanks for the feedback.
Last updated: Apr 12 2022 at 19:14 UTC
