FHIR Chat · Cerner secure server user? · smart/health-cards

Stream: smart/health-cards

Topic: Cerner secure server user?


Matt Printz (Apr 14 2021 at 20:20):

I'm working on the Patient Access authentication with Cerner (https://fhir-myrecord.stagingcerner.com/beta/ec2458f2-1e24-41c8-b71b-0e701af7583d), and I have my app created and I'm getting to the oauth log in screen, but the only credentials I have are my own personal ones, and no records are found. Is there a specific username/password we should be using for testing?

Joe Rattazzi (Apr 14 2021 at 20:28):

We have testing ones for you to use!

Matt Printz (Apr 14 2021 at 20:30):

Thanks Joe! I read that document like 3 times but just missed the link to the google doc.

Joe Rattazzi (Apr 14 2021 at 20:31):

No problem! lots of links in there

Matt Printz (Apr 14 2021 at 20:35):

Joe Rattazzi said:

No problem! lots of links in there

Hmm.. not seeing Patient Access Logins for any of the users in the Covid section. Do we not need to use the patient login in the oauth to pull the data for the relevant patients?

Joe Rattazzi (Apr 14 2021 at 20:35):

oh I see

Joe Rattazzi (Apr 14 2021 at 20:35):

so - any of the patient logins will work (I used Wilma Smart earlier)

Joe Rattazzi (Apr 14 2021 at 20:36):

our data payloads are just hard-coded right now

Joe Rattazzi (Apr 14 2021 at 20:36):

so it won't change on which user you're hitting

Matt Printz (Apr 14 2021 at 20:36):

Ok, that works. Thanks again.

Joe Rattazzi (Apr 14 2021 at 20:36):

good deal

Santosh Jami (Apr 14 2021 at 20:39):

Once you create the patient app, before executing the postman script - is there a wait time @Joe Rattazzi ?

Joe Rattazzi (Apr 14 2021 at 20:39):

may be up to 15 minutes

Joe Rattazzi (Apr 14 2021 at 20:39):

if you see an error after that time, I can help troubleshoot

Matt Printz (Apr 14 2021 at 21:11):

I keep getting 403 Permission Denied when calling $health-cards-issue endpoint after completing the OAuth. Or at least I seem to be completing the OAuth. Is there a way to get some debugging on the error?
@Joe Rattazzi

Josh Mandel (Apr 14 2021 at 21:12):

Or at least I seem to be completing the OAuth.

Forgive me for this non-response to your question, but: this part should be clear at least. Are you getting an access token response, with permitted scopes and a patient ID?

Matt Printz (Apr 14 2021 at 21:15):

@Josh Mandel
{'patient': '12724066', 'scope': 'launch/patient openid profile', 'id_token': 'eyJraWQiOiIyMDIxLTA0LT...', 'token_type': 'Bearer'}

Cibi Siddharth (Apr 14 2021 at 21:16):

@Joe Rattazzi
We tried the authorized endpoint as we discussed during the call in the postman. We are getting the following error (Screenshots attached).
cc: @Santosh Jami @Suprakash Maity @Rohit Bankia

Joe Rattazzi (Apr 14 2021 at 21:16):

can you access the postman console to see what the error message is there?

Josh Mandel (Apr 14 2021 at 21:17):

launch/patient openid profile

Thanks @Matt Printz. I'd expect to see patient/Immunization.read and patient/Patient.read in the approved scopes. Are you requesting those?

Cibi Siddharth (Apr 14 2021 at 21:18):

@Joe Rattazzi yes we are getting just " Error: [object Object] "

Matt Printz (Apr 14 2021 at 21:19):

Oh, I thought it pulled that from the app definition. Let me look at my client definition code.

Josh Mandel (Apr 14 2021 at 21:19):

When you click through the app approval screen (/authorize endpoint), you should see approval checkboxes for Immunization and Patient, I think -- if you don't, it suggests you're not asking for those scopes.

Matt Printz (Apr 14 2021 at 21:21):

@Josh Mandel I found it, I wasn't specifying them in the client so the client was defaulting to an internal default rather than using the default from the app definition. I /think/ I have enough to fix this now.

Josh Mandel (Apr 14 2021 at 21:21):

(And @Matt Printz I can see why this is a "gotcha", because Epic's behavior for instance is different; with Epic's SMART on FHIR implementation you can request specific scopes when you launch, but they're ignored in favor of the scopes you requested at client registration time. The recommended best practice is to not rely on defaults.)

Matt Printz (Apr 14 2021 at 21:27):

@Josh Mandel It's working now. Thanks for helping me see that.


Last updated: Apr 12 2022 at 19:14 UTC