OAuth2 token Help needed

[newpie]

Hey Monte, ok I actually played around with this piece of code below and everytime I run it I recall it returned the same tAuth and tToken (maybe due to sandbox). So I just hardcoded it.

Code: Select all

on postmesssage
   set the httpheaders to "Accept: application/json"
   put URL "https://fhir-ehr.sandboxcerner.com/dstu2/0b8a0111-e8e6-4c26-a91c-5069cbc6b1ca/metadata" into tHeaderData
   put jsonImport(tHeaderData) into temp
   --put the keys of temp
   put temp [rest][1][security][extension][1][extension][2][valueUri] into tAuth
   put temp [rest][1][security][extension][1][extension][1][valueUri] into tToken   
end postmesssage

I actually had the scope launch already. I attached picture of my settings below.

From what I can tell livecode is trying to open up the authenticate box, is there some way to access that. What my gut is telling me is that it is trying to let me log in as I described earlier with portal/portal.

[monte]

The problem is the authentication is being rejected before it even has a chance to present the login page. That's why you get the dialog flashing up. So we need to work out what's wrong with the parameters.

My reading of it is it must be `launch/profile` rather than just `launch` in the scope.

[newpie]

Ok, np, I will write FHIR again and try to get some more data on the subject.

Thanks for your continued efforts to get this key piece working for me.

[newpie]

Hey monte, I added launch/profile with same result. I decided to register a new provider app and change the Smart Launch URI. Still doesn't work unfortuantely.

I found the following pieces of data and attaching my livecode script to see if I grossly did something incorrect if you wish to take a look. Warning: When it errors out it freezes livecode so you have to force it closed in order to try again.

Data Piece 1 (http://docs.smarthealthit.org/authoriza ... h-context/) under standalone app section.

launch/patient Need patient context at launch time (FHIR Patient resource)
launch/encounter Need encounter context at launch time (FHIR Encounter resource)
launch/location Need location context at launch time (FHIR Location resource)

I tried all these with same result.

Data Piece 2: (user trying to get their standalone to work)
- "Once you have the authorization code, you are set up for the next step to request the access token. http://fhir.cerner.com/dstu2/authorizat ... cess-token"
- "The POST is actually to the token endpoint, not the authorize endpoint. Both are listed in our conformance statement. You get the authorization code from the authorize endpoint, then get the access token from the token endpoint."

Data Piece3:
I am using this data for my App Info as I saw another user for standalone app put "None"

SMART Launch URI: None
Redirect URI: http://127.0.0.1:62121/

Update: Changed URL's to suggested URL's by FHIR.

How do I "Please assign a randomly generated value for state."?

Thank you for taking a look

[monte]

Hi

There was an issue in your code. You can't set the value of a script local like that.

Try this (I get a login page with this!):

Code: Select all

constant kAuthURL = "https://authorization.sandboxcerner.com/tenants/0b8a0111-e8e6-4c26-a91c-5069cbc6b1ca/protocols/oauth2/profiles/smart-v1/personas/provider/authorize"
constant kTokenURL = "https://authorization.sandboxcerner.com/tenants/0b8a0111-e8e6-4c26-a91c-5069cbc6b1ca/protocols/oauth2/profiles/smart-v1/token"
constant kClientID = "1773907b-8df0-4e47-9350-06fe6a33f491"
constant kClientSecret = ""
constant kScopes = "launch/patient online_access openid profile"
constant kPort = 62121

local sAuth

command PostToFHIR pMessage
   local tParamA
   put "https://fhir-ehr.sandboxcerner.com/dstu2/0b8a0111-e8e6-4c26-a91c-5069cbc6b1ca" into tParamA["aud"]
   if sAuth["access_token"] is empty then
      OAuth2 kAuthURL, kTokenURL, kClientID, kClientSecret, kScopes, kPort, tParamA
      if the result is not empty then
         return "OAuth error:" & the result for error
         --answer "Not authorized!"
      else
         put it into sAuth
         answer it
      end if
   end if
end PostToFHIR

One thing is it seems pressing the Cancel button on the login page doesn't close the dialog correctly. There's something *very* different with this OAuth setup than all the other endpoints I've tested against...

[monte]

Hmm... have you setup the redirect URI for this new app? Instead of redirecting it appears to load an error page.

[newpie]

Hello monte, that is great news you made that progress, one step closer. After I log in it gives me "access_denied" return value

Here is my redirect URI settings:

SMART Launch URI: None
Redirect URI: http://127.0.0.1:62121/

I am not certain what to change it to, do you have any ideas and I will upload a new livecode stack when I do. I asked FHIR as well. I will update this if I get to work.

Side note: They mentioned the log in is supposed to open up in a browser window. Is there anyway to get the cancel button to close the window.

FHIR also told me to : "Please assign a randomly generated value for state." I am not sure if that has something to do with the failure.

Thanks for your help.

[monte]

If things are working right the Cancel button should close the window. The redirect should handle cancel too.

State will already have a random UUID

[newpie]

Hey Monte, question for you. As you know you have to login with portal/portal. How do we get out of the pop-up box if we click cancel? Right now it goes to some Error page that freezes the system. I believe it is a browser as I had to have that as an inclusion even to get it to work. If there is something you wish me to ask FHIR Cerner I will.

Thanks

[newpie]

Ok, I looked at your guide and it seems that is posting to Slack ( post tMessage to url sAuth["incoming_webhook"]["url"] ), but if I wanted to just read data only for my app I wouldn't still use post I assume as that is used for writing.

I found their tutorial but it is in javascript:
http://engineering.cerner.com/smart-on- ... r-resource

Lastly I saw in a post this is their resources:
http://fhir.cerner.com/dstu2/

[monte]

Regarding the cancelled page you could ask them why that is not going to the redirect URI if the same code is logging in and sending credentials to the redirect URI. That's different to the other services.

The example was just for slack yes. Once you have the auth token you would need to set the Authorization header and then follow their API docs to access whatever data your app needs. The second link http://fhir.cerner.com/dstu2/ is the one you need. Each api says something like GET /Person?:parameters. This means you need to use HTTP GET. In LiveCode there's a few ways to do that `put url`, `get url` and `load url`. Or you could use tsNet commands directly.

Cheers

Monte