LiveCode is the premier environment for creating multi-platform solutions for all major operating systems - Windows, Mac OS X, Linux, the Web, Server environments and Mobile platforms. Brand new to LiveCode? Welcome!
by newpie » Thu Jan 12, 2017 6:30 pm
Hello, I am having trouble connecting to a testbed sandbox, retrieving a token, and then querying, for a standalone app only, not a web app. Below is what I tried so far, but I get a URI redirect error.
```livecode
constant kAuthURL = "https://authorization.sandboxcerner.com/tenants/0b8a0111-e8e6-4c26-a91c-5069cbc6b1ca/protocols/oauth2/profiles/smart-v1/personas/provider/authorize"
constant kTokenURL = "https://authorization.sandboxcerner.com/tenants/0b8a0111-e8e6-4c26-a91c-5069cbc6b1ca/protocols/oauth2/profiles/smart-v1/token"
constant kClientID = "1d843340-66fe-4691-b179-2ac46704356d "
constant kClientSecret = ""
constant kScopes = "patient/Observation.read patient/Patient.read openid profile launch/patient"
constant kPort = 443

local sAuth

command PostToSlack pMessage
   if sAuth["access_token"] is empty then
      OAuth2 kAuthURL, kTokenURL, kClientID, kClientSecret, kScopes, kPort
      if the result is not empty then
         return "Not authorized!" for error
      else
         put it into sAuth
      end if
   end if
end PostToSlack
```
Let me know if you wish me to PM you.
Thanks
-
by monte » Fri Jan 13, 2017 5:43 am
Hi @newpie
Many APIs require you to set a redirect URI server side, and failing to do so or setting it incorrectly will result in the redirect URI mismatch error. In this case you need to set it to: http://127.0.0.1:443/. There should be some method available to do so in the API console where you got your client ID and secret from.
However, you might not want to use port 443 as it's such a commonly used port. The recommended range in the docs is 49152 to 65535.
Cheers
Monte
LiveCode User Group on Facebook : http://FaceBook.com/groups/LiveCodeUsers/
-
by newpie » Fri Jan 13, 2017 3:22 pm
Hello, I found out this bit of information that might help get this working:
"After you redirect to the Cerner authorization page you should see a login form where you enter user name and password, and after that you should be redirected back to your redirect URL http://127.0.0.1:62121"
Seems it should open up a browser where I can log in.
-
by monte » Sun Jan 15, 2017 11:24 pm
I don't think the smart launch URI is anything to do with OAuth.
I presume when you are testing this you are setting the client secret in your script.
Try changing it to `return "OAuth error:" & the result for error` so you can see what error is being returned by the server.
-
by newpie » Mon Jan 16, 2017 8:50 pm
Hello monte, I tried doing the error piece and it didn't return. I also checked again and they stated there is no clientSecret. I am not sure whether the sandbox domain is the reason.
I posted the code below if you need it.
```livecode
constant kAuthURL = "https://authorization.sandboxcerner.com/tenants/0b8a0111-e8e6-4c26-a91c-5069cbc6b1ca/protocols/oauth2/profiles/smart-v1/personas/provider/authorize"
constant kTokenURL = "https://authorization.sandboxcerner.com/tenants/0b8a0111-e8e6-4c26-a91c-5069cbc6b1ca/protocols/oauth2/profiles/smart-v1/token"
constant kClientID = "e4193b40-e317-47c2-b385-e5017c6b5f0a"
constant kClientSecret = ""
constant kScopes = "openid profile user/*.read"
constant kPort = 62121

local sAuth

command PostToFHIR pMessage
   if sAuth["access_token"] is empty then
      OAuth2 kAuthURL, kTokenURL, kClientID, kClientSecret, kScopes, kPort
      if the result is not empty then
         return "OAuth error:" & the result for error
         --answer "Not authorized!"
      else
         put it into sAuth
         answer it
      end if
   end if
end PostToFHIR
```
-
by monte » Wed Jan 18, 2017 5:59 am
Looking at the docs here, http://docs.smarthealthit.org/authorization/, I see that you need an additional `aud` parameter:
URL of the EHR resource server from which the app wishes to retrieve FHIR data. This parameter prevents leaking a genuine bearer token to a counterfeit resource server. (Note: in the case of an EHR launch flow, this aud value is the same as the launch's iss value.)
I also found a bug in the OAuth2 library encoding spaces incorrectly which I'll fix right now.
-
by monte » Wed Jan 18, 2017 6:04 am
-
by Mikey » Wed Jan 18, 2017 2:53 pm
What OAuth2 library? Did I miss some new feature? Server, client, both?
-
by newpie » Wed Jan 18, 2017 8:58 pm
@Mikey - Hello, I saw the library in the 9.0 dp4 version.
@Monte - This is great news! I appreciate your help. I wish to test it, do I copy and replace a "oauth2.livecodescript" file located in the livecode folders? Or will this be uploaded to a new dp version soon?
Thanks
-
monte
- VIP Livecode Opensource Backer
- Posts: 1564
- Joined: Fri Jan 13, 2012 1:47 am
-
Contact:
Post
by monte » Fri Jan 20, 2017 2:44 am
@newpie you could copy the whole file or just edit your version to comment out those lines
-
by newpie » Fri Jan 20, 2017 4:57 pm
monte wrote: Looking at the docs here, http://docs.smarthealthit.org/authorization/, I see that you need an additional `aud` parameter:
URL of the EHR resource server from which the app wishes to retrieve FHIR data. This parameter prevents leaking a genuine bearer token to a counterfeit resource server. (Note: in the case of an EHR launch flow, this aud value is the same as the launch's iss value.)
Hey Monte, if I can find out the additional `aud` parameter, where would I put it in the code I posted above? Can I use this library with them, I guess, is the main question. From what I gather I need to log in with portal/portal (in sandbox mode) before obtaining access. I did test the library again after editing, but I still get no error and a pop-up box, which disappears quickly, that says Authenticate in the header.
Thanks for your assistance and time.
-
by monte » Tue Jan 24, 2017 4:17 am
Hi @newpie
It should be something like:
```livecode
local tParamA
put "whatever the aud url is" into tParamA["aud"]
OAuth2 kAuthURL, kTokenURL, kClientID, kClientSecret, kScopes, kPort, tParamA
```
-
by newpie » Wed Jan 25, 2017 6:46 pm
monte wrote: Hi @newpie
It should be something like:
```livecode
local tParamA
put "whatever the aud url is" into tParamA["aud"]
OAuth2 kAuthURL, kTokenURL, kClientID, kClientSecret, kScopes, kPort, tParamA
```
Hello monte, I did try that with the supplied aud URLs, but no luck. I asked FHIR and they gave me the reply below. When I run the OAuth2 library code, it always pops up a box for a short second with the title bar heading "Authenticate". Basically the user logs in. The login is portal/portal for the sandbox FHIR. Any ideas to get this working? Thank you for any help.
-
by monte » Thu Jan 26, 2017 12:52 am
Aha! So it looks like there's an extra step involved here:
http://docs.smarthealthit.org/authorization/
See the section labeled SMART “launch sequence”. I presume you need the Standalone launch sequence.
So you must request the metadata in order to get the OAuth endpoints (perhaps there's a reason not to hard code them?)
You also appear to need to add a launch context to your scopes. Probably
is what you need I think...
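The standalone launch steps discussed in this thread (read the FHIR server's metadata to find the OAuth endpoints, then send an authorization request that carries `aud`, a launch scope and a loopback redirect URI), sketched in Python as an added example that is not part of the thread or of LiveCode's OAuth2 library. The metadata sample, the example.org URLs and the client ID are constructed; the extension URL and the `state` check follow the SMART authorization docs linked above.

```python
import json
import secrets
from urllib.parse import parse_qs, quote, urlencode, urlparse

SMART_OAUTH_EXT = "http://fhir-registry.smarthealthit.org/StructureDefinition/oauth-uris"
FHIR_BASE = "https://fhir.example.org/dstu2"  # hypothetical resource server (the aud value)

# Constructed sample: the security part of what GET {FHIR_BASE}/metadata returns.
SAMPLE_METADATA = json.dumps({"rest": [{"security": {"extension": [{
    "url": SMART_OAUTH_EXT,
    "extension": [
        {"url": "authorize", "valueUri": "https://auth.example.org/authorize"},
        {"url": "token", "valueUri": "https://auth.example.org/token"},
    ]}]}}]})


def discover_endpoints(metadata_json):
    """Read the authorize/token URLs from the SMART oauth-uris extension."""
    for rest in json.loads(metadata_json).get("rest", []):
        for ext in rest.get("security", {}).get("extension", []):
            if ext.get("url") == SMART_OAUTH_EXT:
                found = {e["url"]: e.get("valueUri") for e in ext.get("extension", [])}
                if found.get("authorize") and found.get("token"):
                    return found
    raise ValueError("metadata has no SMART oauth-uris extension")


def build_authorize_url(authorize_url, client_id, port, scopes):
    """Return (url, state) for a public client using a loopback redirect."""
    state = secrets.token_urlsafe(16)  # unguessable value, checked on return
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": f"http://127.0.0.1:{port}/",  # must match the registered URI
        "scope": " ".join(scopes),
        "state": state,
        "aud": FHIR_BASE,  # names the resource server the token is meant for
    }
    # quote_via=quote encodes spaces as %20 rather than "+"
    return authorize_url + "?" + urlencode(params, quote_via=quote), state


def check_callback(callback_url, expected_state):
    """Return the authorization code only if state matches what we sent."""
    q = parse_qs(urlparse(callback_url).query)
    if "error" in q:
        raise ValueError("authorization server returned: " + q["error"][0])
    if not secrets.compare_digest(q.get("state", [""])[0], expected_state):
        raise ValueError("state mismatch, discarding response")
    return q["code"][0]
```

Taking the endpoints from the same server that is then named in `aud` keeps the token request and the resource server tied together, which is the leak the quoted docs passage describes.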