Stream: smart/health-cards
Topic: Auth URL
Paul Denning (Apr 15 2021 at 12:28):
Using Postman and the OAuth2 Authorization settings, I needed to use
as the Auth URL (for Cerner's closed endpoint).
I originally went to the CapabilityStatement at
https://fhir-myrecord.stagingcerner.com/beta/ec2458f2-1e24-41c8-b71b-0e701af7583d/metadata?_format=json
and used the
.rest.security.extension[0].extension[1].valueUri = "https://authorization.cerner.com/tenants/ec2458f2-1e24-41c8-b71b-0e701af7583d/protocols/oauth2/profiles/smart-v1/personas/patient/authorize"
Thanks to @Joe Rattazzi for the tip to add the aud=.... Should the capability statement have that URL?
Joe Rattazzi (Apr 15 2021 at 12:39):
The Audience is just one of the parameters needed during the authorization step. I suggested you could add it to the "Auth URL" box in PostMan, given there's not another box to put it.
Here's our documentation on that parameter: https://fhir.cerner.com/authorization/#audience
Edit - and here's the HL7 Documentation: http://www.hl7.org/fhir/smart-app-launch/#step-1-app-asks-for-authorization
Last updated: Apr 12 2022 at 19:14 UTC
