API failed because user role does not have access to the resource

Situation
I’m attempting to post a document to /apis/default/api/patient/99185485-1eb9-4154-8f09-cbc468fb024c/document but I keep getting the unauthorized error. I am able to fetch all patients using the FHIR endpoint, but I can’t access anything on the non-FHIR API. I added all the scopes, my clients are enabled, and I get an access token.

The only thing I see is that the access token does not include the api:* scopes. They seem to get excluded. Can that be it? Hope you can point me in the right direction.

OpenEMR Version
I’m using OpenEMR version latest

Browser:
I’m using: Postman

Operating System
I’m using: MacOS

Search
Did you search the forum for similar questions?

yes.

Logs

[Mon May 08 18:25:20.766983 2023] [php:notice] [pid 2125] [client 172.21.0.1:58300] [2023-05-08T18:25:20.766950+00:00] OpenEMR.DEBUG: AuthorizationController->oauthAuthorizeToken() starting request [] []
[Mon May 08 18:25:20.768372 2023] [php:notice] [pid 2125] [client 172.21.0.1:58300] [2023-05-08T18:25:20.768347+00:00] OpenEMR.DEBUG: AuthorizationController->oauthAuthorizeToken() grant type received {"grant_type":"client_credentials"} []
[Mon May 08 18:25:20.769824 2023] [php:notice] [pid 2125] [client 172.21.0.1:58300] [2023-05-08T18:25:20.769799+00:00] OpenEMR.DEBUG: AuthorizationController->getAuthorizationServer() creating server [] []
[Mon May 08 18:25:20.775483 2023] [php:notice] [pid 2125] [client 172.21.0.1:58300] [2023-05-08T18:25:20.775450+00:00] OpenEMR.DEBUG: AuthorizationController->getAuthorizationServer() grantType is client_credentials [] []
[Mon May 08 18:25:20.782537 2023] [php:notice] [pid 2125] [client 172.21.0.1:58300] [2023-05-08T18:25:20.782500+00:00] OpenEMR.DEBUG: AuthorizationController->getAuthorizationServer() authServer created [] []
[Mon May 08 18:25:20.782595 2023] [php:notice] [pid 2125] [client 172.21.0.1:58300] [2023-05-08T18:25:20.782576+00:00] OpenEMR.DEBUG: CustomClientCredentialsGrant->getClientCredentials() inside request [] []
[Mon May 08 18:25:20.782618 2023] [php:notice] [pid 2125] [client 172.21.0.1:58300] [2023-05-08T18:25:20.782601+00:00] OpenEMR.DEBUG: CustomClientCredentialsGrant->getClientCredentials() client_assertion_type of jwt-bearer.  Attempting to retrieve client id [] []
[Mon May 08 18:25:20.784180 2023] [php:notice] [pid 2125] [client 172.21.0.1:58300] [2023-05-08T18:25:20.784139+00:00] OpenEMR.DEBUG: CustomClientCredentialsGrant->getClientCredentials() jwt token parsed.  Client id is  ["ZUNdbiYyfZqz-_OEd5MbGlsKEmg4YtAOPxqsj1uVkpw"] []
[Mon May 08 18:25:20.784914 2023] [php:notice] [pid 2125] [client 172.21.0.1:58300] [2023-05-08T18:25:20.784878+00:00] OpenEMR.DEBUG: ClientRepository->getClientEntity() client found {"client":{"client_name":"app #2","redirect_uri":"","is_confidential":"1"}} []
[Mon May 08 18:25:20.786375 2023] [php:notice] [pid 2125] [client 172.21.0.1:58300] [2023-05-08T18:25:20.786325+00:00] OpenEMR.DEBUG: CustomClientCredentialsGrant->getClientCredentials() inside request [] []
[Mon May 08 18:25:20.786430 2023] [php:notice] [pid 2125] [client 172.21.0.1:58300] [2023-05-08T18:25:20.786412+00:00] OpenEMR.DEBUG: CustomClientCredentialsGrant->getClientCredentials() client_assertion_type of jwt-bearer.  Attempting to retrieve client id [] []
[Mon May 08 18:25:20.786530 2023] [php:notice] [pid 2125] [client 172.21.0.1:58300] [2023-05-08T18:25:20.786509+00:00] OpenEMR.DEBUG: CustomClientCredentialsGrant->getClientCredentials() jwt token parsed.  Client id is  ["ZUNdbiYyfZqz-_OEd5MbGlsKEmg4YtAOPxqsj1uVkpw"] []
[Mon May 08 18:25:20.787143 2023] [php:notice] [pid 2125] [client 172.21.0.1:58300] [2023-05-08T18:25:20.787116+00:00] OpenEMR.DEBUG: ClientRepository->getClientEntity() client found {"client":{"client_name":"app #2","redirect_uri":"","is_confidential":"1"}} []
[Mon May 08 18:25:20.790214 2023] [php:notice] [pid 2125] [client 172.21.0.1:58300] [2023-05-08T18:25:20.790171+00:00] OpenEMR.DEBUG: Token parsed {"claims":{"iat":"{"date":"2023-05-08 18:25:20.000000","timezone_type":1,"timezone":"+00:00"}","iss":"ZUNdbiYyfZqz-_OEd5MbGlsKEmg4YtAOPxqsj1uVkpw","sub":"ZUNdbiYyfZqz-_OEd5MbGlsKEmg4YtAOPxqsj1uVkpw","aud":["https://localhost:9301/oauth2/default/token"],"exp":"{"date":"2023-05-08 18:30:20.000000","timezone_type":1,"timezone":"+00:00"}","jti":"a85de7e6-6df8-4788-807a-0f69362e9f4f"},"headers":{"alg":"RS384","typ":"JWT","kid":"Nq_AVoW0nBstjUt6Ni-HKv31lKRDiCtmhVApnkTRkhs"},"signature":"y40xo06dgnRgosNzVOa17Jb6lQ3-0IE4NQBK04d5qLG-o8gj5Wp3zy7hy6nHpGGTR29Vip3nOdPm_mFwMKN8T1FSukvKsjjbUxRmJS_UXWl0gj9Nic93fQHsKPYJ9-X51ATrCNkIa0FY6t4fQL5Gr-FYtTd7KnI_5zB0K3JUE66JPNafrnpSiVKUZElmufdBFK-Wy_y97cNWHj9pXJynec7opClDk-AKJc6kKHqBIy5Ea9WuTAEqvauHL075ojaURhROX8Z1NqNNRO1JTkbyvKcOquBhJWE9QXmq7nxPpzyPhYD-bWZZ5_zOJgCgmxsr-b3khy2jsoj0GQXolRoxzw"} []
[Mon May 08 18:25:20.790294 2023] [php:notice] [pid 2125] [client 172.21.0.1:58300] [2023-05-08T18:25:20.790255+00:00] OpenEMR.DEBUG: RsaSha384Signer->verify() beginning jwt verification [] []
[Mon May 08 18:25:20.792547 2023] [php:notice] [pid 2125] [client 172.21.0.1:58300] [2023-05-08T18:25:20.792513+00:00] OpenEMR.DEBUG: RsaSha384Signer->verify() attempting to retrieve jwk [] []
[Mon May 08 18:25:20.792591 2023] [php:notice] [pid 2125] [client 172.21.0.1:58300] [2023-05-08T18:25:20.792568+00:00] OpenEMR.DEBUG: Attempting to find web key for kid & alg {"kid":"","alg":"RS384"} []
[Mon May 08 18:25:20.822896 2023] [php:notice] [pid 2125] [client 172.21.0.1:58300] [2023-05-08T18:25:20.822862+00:00] OpenEMR.DEBUG: ClientRepository->validateClient() checking client validation {"client":"ZUNdbiYyfZqz-_OEd5MbGlsKEmg4YtAOPxqsj1uVkpw","grantType":"client_credentials"} []
[Mon May 08 18:25:20.824341 2023] [php:notice] [pid 2125] [client 172.21.0.1:58300] [2023-05-08T18:25:20.824313+00:00] OpenEMR.DEBUG: ScopeRepository->getScopeEntityByIdentifier() attempting to build validation scopes [] []
[Mon May 08 18:25:20.824456 2023] [php:notice] [pid 2125] [client 172.21.0.1:58300] [2023-05-08T18:25:20.824421+00:00] OpenEMR.DEBUG: ScopeRepository->buildScopeValidatorArray()  {"requestScopeString":"openid fhirUser online_access api:oemr api:fhir api:port system/Patient.$export system/Group.$export system/*.$bulkdata-status system/*.$export profile name address given_name family_name nickname phone phone_verified email email_verified site:default patient/AllergyIntolerance.read patient/Appointment.read patient/Binary.read patient/CarePlan.read patient/CareTeam.read patient/Condition.read patient/Coverage.read patient/Device.read patient/DiagnosticReport.read patient/DocumentReference.$docref patient/DocumentReference.read patient/Encounter.read patient/Goal.read patient/Immunization.read patient/Location.read patient/Medication.read patient/MedicationRequest.read patient/Observation.read patient/Organization.read patient/Patient.read patient/Person.read patient/Practitioner.read patient/Procedure.read patient/Provenance.read system/AllergyIntolerance.read system/Appointment.read system/Binary.read system/CarePlan.read system/CareTeam.read system/Condition.read system/Coverage.read system/Device.read system/DiagnosticReport.read system/DocumentReference.$docref system/DocumentReference.read system/Encounter.read system/Goal.read system/Group.read system/Immunization.read system/Location.read system/Medication.read system/MedicationRequest.read system/Observation.read system/Organization.read system/Patient.read system/Person.read system/Practitioner.read system/PractitionerRole.read system/Procedure.read system/Provenance.read user/AllergyIntolerance.read user/Appointment.read user/Binary.read user/CarePlan.read user/CareTeam.read user/Condition.read user/Coverage.read user/Device.read user/DiagnosticReport.read user/DocumentReference.$docref user/DocumentReference.read user/Encounter.read user/Goal.read user/Immunization.read user/Location.read 
user/Medication.read user/MedicationRequest.read user/Observation.read user/Organization.read user/Organization.write user/Patient.read user/Patient.write user/Person.read user/Practitioner.read user/Practitioner.write user/PractitionerRole.read user/Procedure.read user/Provenance.read","isStandardApi":"1","isFhirApi":"1"} []
[Mon May 08 18:25:20.824495 2023] [php:notice] [pid 2125] [client 172.21.0.1:58300] [2023-05-08T18:25:20.824478+00:00] OpenEMR.DEBUG: ScopeRepository->getCurrentSmartScopes() setting up smart scopes [] []
[Mon May 08 18:25:21.120227 2023] [php:notice] [pid 2125] [client 172.21.0.1:58300] [2023-05-08T18:25:21.120109+00:00] OpenEMR.DEBUG: ScopeRepository->getCurrentSmartScopes() scopes supported  {"scopes":["openid","fhirUser","online_access","offline_access","launch","launch/patient","api:oemr","api:fhir","api:port","system/Patient.$export","system/Group.$export","system/*.$bulkdata-status","system/*.$export","profile","name","address","given_name","family_name","nickname","phone","phone_verified","email","email_verified","site:default","patient/AllergyIntolerance.read","patient/Appointment.read","patient/Binary.read","patient/CarePlan.read","patient/CareTeam.read","patient/Condition.read","patient/Coverage.read","patient/Device.read","patient/DiagnosticReport.read","patient/DocumentReference.$docref","patient/DocumentReference.read","patient/Encounter.read","patient/Goal.read","patient/Immunization.read","patient/Location.read","patient/Medication.read","patient/MedicationRequest.read","patient/Observation.read","patient/Organization.read","patient/Patient.read","patient/Person.read","patient/Practitioner.read","patient/Procedure.read","patient/Provenance.read","system/AllergyIntolerance.read","system/Appointment.read","system/Binary.read","system/CarePlan.read","system/CareTeam.read","system/Condition.read","system/Coverage.read","system/Device.read","system/DiagnosticReport.read","system/DocumentReference.$docref","system/DocumentReference.read","system/Encounter.read","system/Goal.read","system/Group.read","system/Immunization.read","system/Location.read","system/Medication.read","system/MedicationRequest.read","system/Observation.read","system/Organization.read","system/Patient.read","system/Person.read","system/Practitioner.read","system/PractitionerRole.read","system/Procedure.read","system/Provenance.read","user/AllergyIntolerance.read","user/Appointment.read","user/Binary.read","user/CarePlan.read","user/CareTeam.read","user/Condition.read","user/Coverage.rea
d","user/Device.read","user/DiagnosticReport.read","user/DocumentReference.$docref","user/DocumentReference.read","user/Encounter.read","user/Goal.read","user/Immunization.read","user/Location.read","user/Medication.read","user/MedicationRequest.read","user/Observation.read","user/Organization.read","user/Organization.write","user/Patient.read","user/Patient.write","user/Person.read","user/Practitioner.read","user/Practitioner.write","user/PractitionerRole.read","user/Procedure.read","user/Provenance.read"]} []
[Mon May 08 18:25:21.120761 2023] [php:notice] [pid 2125] [client 172.21.0.1:58300] [2023-05-08T18:25:21.120734+00:00] OpenEMR.DEBUG: ScopeRepository->getCurrentStandardScopes() setting up standard api scopes [] []
[Mon May 08 18:25:21.131256 2023] [php:notice] [pid 2125] [client 172.21.0.1:58300] [2023-05-08T18:25:21.131209+00:00] OpenEMR.DEBUG: ScopeRepository->getScopeEntityByIdentifier() scope requested exists in system {"identifier":"openid"} []
[Mon May 08 18:25:21.131311 2023] [php:notice] [pid 2125] [client 172.21.0.1:58300] [2023-05-08T18:25:21.131291+00:00] OpenEMR.DEBUG: ScopeRepository->getScopeEntityByIdentifier() scope requested exists in system {"identifier":"fhirUser"} []
[Mon May 08 18:25:21.131335 2023] [php:notice] [pid 2125] [client 172.21.0.1:58300] [2023-05-08T18:25:21.131319+00:00] OpenEMR.DEBUG: ScopeRepository->getScopeEntityByIdentifier() scope requested exists in system {"identifier":"online_access"} []
[Mon May 08 18:25:21.131363 2023] [php:notice] [pid 2125] [client 172.21.0.1:58300] [2023-05-08T18:25:21.131347+00:00] OpenEMR.DEBUG: ScopeRepository->getScopeEntityByIdentifier() scope requested exists in system {"identifier":"api:oemr"} []
[Mon May 08 18:25:21.131390 2023] [php:notice] [pid 2125] [client 172.21.0.1:58300] [2023-05-08T18:25:21.131374+00:00] OpenEMR.DEBUG: ScopeRepository->getScopeEntityByIdentifier() scope requested exists in system {"identifier":"api:fhir"} []
[Mon May 08 18:25:21.131416 2023] [php:notice] [pid 2125] [client 172.21.0.1:58300] [2023-05-08T18:25:21.131401+00:00] OpenEMR.DEBUG: ScopeRepository->getScopeEntityByIdentifier() scope requested exists in system {"identifier":"api:port"} []
[Mon May 08 18:25:21.131444 2023] [php:notice] [pid 2125] [client 172.21.0.1:58300] [2023-05-08T18:25:21.131428+00:00] OpenEMR.DEBUG: ScopeRepository->getScopeEntityByIdentifier() scope requested exists in system {"identifier":"system/Patient.$export"} []
[Mon May 08 18:25:21.131471 2023] [php:notice] [pid 2125] [client 172.21.0.1:58300] [2023-05-08T18:25:21.131456+00:00] OpenEMR.DEBUG: ScopeRepository->getScopeEntityByIdentifier() scope requested exists in system {"identifier":"system/Group.$export"} []
[Mon May 08 18:25:21.131498 2023] [php:notice] [pid 2125] [client 172.21.0.1:58300] [2023-05-08T18:25:21.131483+00:00] OpenEMR.DEBUG: ScopeRepository->getScopeEntityByIdentifier() scope requested exists in system {"identifier":"system/*.$bulkdata-status"} []
[Mon May 08 18:25:21.131525 2023] [php:notice] [pid 2125] [client 172.21.0.1:58300] [2023-05-08T18:25:21.131510+00:00] OpenEMR.DEBUG: ScopeRepository->getScopeEntityByIdentifier() scope requested exists in system {"identifier":"system/*.$export"} []
[Mon May 08 18:25:21.131551 2023] [php:notice] [pid 2125] [client 172.21.0.1:58300] [2023-05-08T18:25:21.131536+00:00] OpenEMR.DEBUG: ScopeRepository->getScopeEntityByIdentifier() scope requested exists in system {"identifier":"profile"} []
[Mon May 08 18:25:21.131577 2023] [php:notice] [pid 2125] [client 172.21.0.1:58300] [2023-05-08T18:25:21.131562+00:00] OpenEMR.DEBUG: ScopeRepository->getScopeEntityByIdentifier() scope requested exists in system {"identifier":"name"} []
[Mon May 08 18:25:21.131603 2023] [php:notice] [pid 2125] [client 172.21.0.1:58300] [2023-05-08T18:25:21.131588+00:00] OpenEMR.DEBUG: ScopeRepository->getScopeEntityByIdentifier() scope requested exists in system {"identifier":"address"} []
[Mon May 08 18:25:21.131628 2023] [php:notice] [pid 2125] [client 172.21.0.1:58300] [2023-05-08T18:25:21.131613+00:00] OpenEMR.DEBUG: ScopeRepository->getScopeEntityByIdentifier() scope requested exists in system {"identifier":"given_name"} []
[Mon May 08 18:25:21.131653 2023] [php:notice] [pid 2125] [client 172.21.0.1:58300] [2023-05-08T18:25:21.131639+00:00] OpenEMR.DEBUG: ScopeRepository->getScopeEntityByIdentifier() scope requested exists in system {"identifier":"family_name"} []
[Mon May 08 18:25:21.131678 2023] [php:notice] [pid 2125] [client 172.21.0.1:58300] [2023-05-08T18:25:21.131664+00:00] OpenEMR.DEBUG: ScopeRepository->getScopeEntityByIdentifier() scope requested exists in system {"identifier":"nickname"} []
[Mon May 08 18:25:21.131703 2023] [php:notice] [pid 2125] [client 172.21.0.1:58300] [2023-05-08T18:25:21.131689+00:00] OpenEMR.DEBUG: ScopeRepository->getScopeEntityByIdentifier() scope requested exists in system {"identifier":"phone"} []
[Mon May 08 18:25:21.131728 2023] [php:notice] [pid 2125] [client 172.21.0.1:58300] [2023-05-08T18:25:21.131714+00:00] OpenEMR.DEBUG: ScopeRepository->getScopeEntityByIdentifier() scope requested exists in system {"identifier":"phone_verified"} []
[Mon May 08 18:25:21.131754 2023] [php:notice] [pid 2125] [client 172.21.0.1:58300] [2023-05-08T18:25:21.131739+00:00] OpenEMR.DEBUG: ScopeRepository->getScopeEntityByIdentifier() scope requested exists in system {"identifier":"email"} []
[Mon May 08 18:25:21.131774 2023] [php:notice] [pid 2125] [client 172.21.0.1:58300] [2023-05-08T18:25:21.131760+00:00] OpenEMR.DEBUG: ScopeRepository->getScopeEntityByIdentifier() scope requested exists in system {"identifier":"email_verified"} []
[Mon May 08 18:25:21.131794 2023] [php:notice] [pid 2125] [client 172.21.0.1:58300] [2023-05-08T18:25:21.131780+00:00] OpenEMR.DEBUG: ScopeRepository->getScopeEntityByIdentifier() scope requested exists in system {"identifier":"site:default"} []
[Mon May 08 18:25:21.131814 2023] [php:notice] [pid 2125] [client 172.21.0.1:58300] [2023-05-08T18:25:21.131800+00:00] OpenEMR.DEBUG: ScopeRepository->getScopeEntityByIdentifier() scope requested exists in system {"identifier":"patient/AllergyIntolerance.read"} []
[Mon May 08 18:25:21.131834 2023] [php:notice] [pid 2125] [client 172.21.0.1:58300] [2023-05-08T18:25:21.131820+00:00] OpenEMR.DEBUG: ScopeRepository->getScopeEntityByIdentifier() scope requested exists in system {"identifier":"patient/Appointment.read"} []
[Mon May 08 18:25:21.131854 2023] [php:notice] [pid 2125] [client 172.21.0.1:58300] [2023-05-08T18:25:21.131840+00:00] OpenEMR.DEBUG: ScopeRepository->getScopeEntityByIdentifier() scope requested exists in system {"identifier":"patient/Binary.read"} []
[Mon May 08 18:25:21.131874 2023] [php:notice] [pid 2125] [client 172.21.0.1:58300] [2023-05-08T18:25:21.131860+00:00] OpenEMR.DEBUG: ScopeRepository->getScopeEntityByIdentifier() scope requested exists in system {"identifier":"patient/CarePlan.read"} []
[Mon May 08 18:25:21.131894 2023] [php:notice] [pid 2125] [client 172.21.0.1:58300] [2023-05-08T18:25:21.131880+00:00] OpenEMR.DEBUG: ScopeRepository->getScopeEntityByIdentifier() scope requested exists in system {"identifier":"patient/CareTeam.read"} []
[Mon May 08 18:25:21.131913 2023] [php:notice] [pid 2125] [client 172.21.0.1:58300] [2023-05-08T18:25:21.131899+00:00] OpenEMR.DEBUG: ScopeRepository->getScopeEntityByIdentifier() scope requested exists in system {"identifier":"patient/Condition.read"} []
[Mon May 08 18:25:21.131933 2023] [php:notice] [pid 2125] [client 172.21.0.1:58300] [2023-05-08T18:25:21.131919+00:00] OpenEMR.DEBUG: ScopeRepository->getScopeEntityByIdentifier() scope requested exists in system {"identifier":"patient/Coverage.read"} []
[Mon May 08 18:25:21.131952 2023] [php:notice] [pid 2125] [client 172.21.0.1:58300] [2023-05-08T18:25:21.131938+00:00] OpenEMR.DEBUG: ScopeRepository->getScopeEntityByIdentifier() scope requested exists in system {"identifier":"patient/Device.read"} []
[Mon May 08 18:25:21.131972 2023] [php:notice] [pid 2125] [client 172.21.0.1:58300] [2023-05-08T18:25:21.131958+00:00] OpenEMR.DEBUG: ScopeRepository->getScopeEntityByIdentifier() scope requested exists in system {"identifier":"patient/DiagnosticReport.read"} []
[Mon May 08 18:25:21.131992 2023] [php:notice] [pid 2125] [client 172.21.0.1:58300] [2023-05-08T18:25:21.131978+00:00] OpenEMR.DEBUG: ScopeRepository->getScopeEntityByIdentifier() scope requested exists in system {"identifier":"patient/DocumentReference.$docref"} []
[Mon May 08 18:25:21.132011 2023] [php:notice] [pid 2125] [client 172.21.0.1:58300] [2023-05-08T18:25:21.131997+00:00] OpenEMR.DEBUG: ScopeRepository->getScopeEntityByIdentifier() scope requested exists in system {"identifier":"patient/DocumentReference.read"} []
[Mon May 08 18:25:21.132049 2023] [php:notice] [pid 2125] [client 172.21.0.1:58300] [2023-05-08T18:25:21.132019+00:00] OpenEMR.DEBUG: ScopeRepository->getScopeEntityByIdentifier() scope requested exists in system {"identifier":"patient/Encounter.read"} []
[Mon May 08 18:25:21.132105 2023] [php:notice] [pid 2125] [client 172.21.0.1:58300] [2023-05-08T18:25:21.132068+00:00] OpenEMR.DEBUG: ScopeRepository->getScopeEntityByIdentifier() scope requested exists in system {"identifier":"patient/Goal.read"} []
[Mon May 08 18:25:21.132226 2023] [php:notice] [pid 2125] [client 172.21.0.1:58300] [2023-05-08T18:25:21.132124+00:00] OpenEMR.DEBUG: ScopeRepository->getScopeEntityByIdentifier() scope requested exists in system {"identifier":"patient/Immunization.read"} []
[Mon May 08 18:25:21.132276 2023] [php:notice] [pid 2125] [client 172.21.0.1:58300] [2023-05-08T18:25:21.132246+00:00] OpenEMR.DEBUG: ScopeRepository->getScopeEntityByIdentifier() scope requested exists in system {"identifier":"patient/Location.read"} []
[Mon May 08 18:25:21.132306 2023] [php:notice] [pid 2125] [client 172.21.0.1:58300] [2023-05-08T18:25:21.132289+00:00] OpenEMR.DEBUG: ScopeRepository->getScopeEntityByIdentifier() scope requested exists in system {"identifier":"patient/Medication.read"} []
[Mon May 08 18:25:21.132330 2023] [php:notice] [pid 2125] [client 172.21.0.1:58300] [2023-05-08T18:25:21.132313+00:00] OpenEMR.DEBUG: ScopeRepository->getScopeEntityByIdentifier() scope requested exists in system {"identifier":"patient/MedicationRequest.read"} []
[Mon May 08 18:25:21.132352 2023] [php:notice] [pid 2125] [client 172.21.0.1:58300] [2023-05-08T18:25:21.132336+00:00] OpenEMR.DEBUG: ScopeRepository->getScopeEntityByIdentifier() scope requested exists in system {"identifier":"patient/Observation.read"} []
[Mon May 08 18:25:21.132379 2023] [php:notice] [pid 2125] [client 172.21.0.1:58300] [2023-05-08T18:25:21.132362+00:00] OpenEMR.DEBUG: ScopeRepository->getScopeEntityByIdentifier() scope requested exists in system {"identifier":"patient/Organization.read"} []
[Mon May 08 18:25:21.132403 2023] [php:notice] [pid 2125] [client 172.21.0.1:58300] [2023-05-08T18:25:21.132387+00:00] OpenEMR.DEBUG: ScopeRepository->getScopeEntityByIdentifier() scope requested exists in system {"identifier":"patient/Patient.read"} []
[Mon May 08 18:25:21.132424 2023] [php:notice] [pid 2125] [client 172.21.0.1:58300] [2023-05-08T18:25:21.132409+00:00] OpenEMR.DEBUG: ScopeRepository->getScopeEntityByIdentifier() scope requested exists in system {"identifier":"patient/Person.read"} []
[Mon May 08 18:25:21.132445 2023] [php:notice] [pid 2125] [client 172.21.0.1:58300] [2023-05-08T18:25:21.132430+00:00] OpenEMR.DEBUG: ScopeRepository->getScopeEntityByIdentifier() scope requested exists in system {"identifier":"patient/Practitioner.read"} []
[Mon May 08 18:25:21.132465 2023] [php:notice] [pid 2125] [client 172.21.0.1:58300] [2023-05-08T18:25:21.132450+00:00] OpenEMR.DEBUG: ScopeRepository->getScopeEntityByIdentifier() scope requested exists in system {"identifier":"patient/Procedure.read"} []
[Mon May 08 18:25:21.132486 2023] [php:notice] [pid 2125] [client 172.21.0.1:58300] [2023-05-08T18:25:21.132471+00:00] OpenEMR.DEBUG: ScopeRepository->getScopeEntityByIdentifier() scope requested exists in system {"identifier":"patient/Provenance.read"} []
[Mon May 08 18:25:21.132506 2023] [php:notice] [pid 2125] [client 172.21.0.1:58300] [2023-05-08T18:25:21.132492+00:00] OpenEMR.DEBUG: ScopeRepository->getScopeEntityByIdentifier() scope requested exists in system {"identifier":"system/AllergyIntolerance.read"} []
[Mon May 08 18:25:21.132527 2023] [php:notice] [pid 2125] [client 172.21.0.1:58300] [2023-05-08T18:25:21.132512+00:00] OpenEMR.DEBUG: ScopeRepository->getScopeEntityByIdentifier() scope requested exists in system {"identifier":"system/Appointment.read"} []
[Mon May 08 18:25:21.132548 2023] [php:notice] [pid 2125] [client 172.21.0.1:58300] [2023-05-08T18:25:21.132533+00:00] OpenEMR.DEBUG: ScopeRepository->getScopeEntityByIdentifier() scope requested exists in system {"identifier":"system/Binary.read"} []
[Mon May 08 18:25:21.132569 2023] [php:notice] [pid 2125] [client 172.21.0.1:58300] [2023-05-08T18:25:21.132554+00:00] OpenEMR.DEBUG: ScopeRepository->getScopeEntityByIdentifier() scope requested exists in system {"identifier":"system/CarePlan.read"} []
[Mon May 08 18:25:21.132589 2023] [php:notice] [pid 2125] [client 172.21.0.1:58300] [2023-05-08T18:25:21.132575+00:00] OpenEMR.DEBUG: ScopeRepository->getScopeEntityByIdentifier() scope requested exists in system {"identifier":"system/CareTeam.read"} []
[Mon May 08 18:25:21.132618 2023] [php:notice] [pid 2125] [client 172.21.0.1:58300] [2023-05-08T18:25:21.132597+00:00] OpenEMR.DEBUG: ScopeRepository->getScopeEntityByIdentifier() scope requested exists in system {"identifier":"system/Condition.read"} []
[Mon May 08 18:25:21.132643 2023] [php:notice] [pid 2125] [client 172.21.0.1:58300] [2023-05-08T18:25:21.132628+00:00] OpenEMR.DEBUG: ScopeRepository->getScopeEntityByIdentifier() scope requested exists in system {"identifier":"system/Coverage.read"} []
[Mon May 08 18:25:21.132664 2023] [php:notice] [pid 2125] [client 172.21.0.1:58300] [2023-05-08T18:25:21.132649+00:00] OpenEMR.DEBUG: ScopeRepository->getScopeEntityByIdentifier() scope requested exists in system {"identifier":"system/Device.read"} []
[Mon May 08 18:25:21.132687 2023] [php:notice] [pid 2125] [client 172.21.0.1:58300] [2023-05-08T18:25:21.132670+00:00] OpenEMR.DEBUG: ScopeRepository->getScopeEntityByIdentifier() scope requested exists in system {"identifier":"system/DiagnosticReport.read"} []
[Mon May 08 18:25:21.132713 2023] [php:notice] [pid 2125] [client 172.21.0.1:58300] [2023-05-08T18:25:21.132698+00:00] OpenEMR.DEBUG: ScopeRepository->getScopeEntityByIdentifier() scope requested exists in system {"identifier":"system/DocumentReference.$docref"} []
[Mon May 08 18:25:21.132748 2023] [php:notice] [pid 2125] [client 172.21.0.1:58300] [2023-05-08T18:25:21.132720+00:00] OpenEMR.DEBUG: ScopeRepository->getScopeEntityByIdentifier() scope requested exists in system {"identifier":"system/DocumentReference.read"} []
[Mon May 08 18:25:21.132795 2023] [php:notice] [pid 2125] [client 172.21.0.1:58300] [2023-05-08T18:25:21.132768+00:00] OpenEMR.DEBUG: ScopeRepository->getScopeEntityByIdentifier() scope requested exists in system {"identifier":"system/Encounter.read"} []
[Mon May 08 18:25:21.132825 2023] [php:notice] [pid 2125] [client 172.21.0.1:58300] [2023-05-08T18:25:21.132805+00:00] OpenEMR.DEBUG: ScopeRepository->getScopeEntityByIdentifier() scope requested exists in system {"identifier":"system/Goal.read"} []
[Mon May 08 18:25:21.132858 2023] [php:notice] [pid 2125] [client 172.21.0.1:58300] [2023-05-08T18:25:21.132839+00:00] OpenEMR.DEBUG: ScopeRepository->getScopeEntityByIdentifier() scope requested exists in system {"identifier":"system/Group.read"} []
[Mon May 08 18:25:21.132882 2023] [php:notice] [pid 2125] [client 172.21.0.1:58300] [2023-05-08T18:25:21.132868+00:00] OpenEMR.DEBUG: ScopeRepository->getScopeEntityByIdentifier() scope requested exists in system {"identifier":"system/Immunization.read"} []
[Mon May 08 18:25:21.132902 2023] [php:notice] [pid 2125] [client 172.21.0.1:58300] [2023-05-08T18:25:21.132888+00:00] OpenEMR.DEBUG: ScopeRepository->getScopeEntityByIdentifier() scope requested exists in system {"identifier":"system/Location.read"} []
[Mon May 08 18:25:21.132931 2023] [php:notice] [pid 2125] [client 172.21.0.1:58300] [2023-05-08T18:25:21.132912+00:00] OpenEMR.DEBUG: ScopeRepository->getScopeEntityByIdentifier() scope requested exists in system {"identifier":"system/Medication.read"} []
[Mon May 08 18:25:21.132956 2023] [php:notice] [pid 2125] [client 172.21.0.1:58300] [2023-05-08T18:25:21.132941+00:00] OpenEMR.DEBUG: ScopeRepository->getScopeEntityByIdentifier() scope requested exists in system {"identifier":"system/MedicationRequest.read"} []
[Mon May 08 18:25:21.132977 2023] [php:notice] [pid 2125] [client 172.21.0.1:58300] [2023-05-08T18:25:21.132962+00:00] OpenEMR.DEBUG: ScopeRepository->getScopeEntityByIdentifier() scope requested exists in system {"identifier":"system/Observation.read"} []
[Mon May 08 18:25:21.133010 2023] [php:notice] [pid 2125] [client 172.21.0.1:58300] [2023-05-08T18:25:21.132983+00:00] OpenEMR.DEBUG: ScopeRepository->getScopeEntityByIdentifier() scope requested exists in system {"identifier":"system/Organization.read"} []
[Mon May 08 18:25:21.133208 2023] [php:notice] [pid 2125] [client 172.21.0.1:58300] [2023-05-08T18:25:21.133186+00:00] OpenEMR.DEBUG: ScopeRepository->getScopeEntityByIdentifier() scope requested exists in system {"identifier":"system/Patient.read"} []
[Mon May 08 18:25:21.133469 2023] [php:notice] [pid 2125] [client 172.21.0.1:58300] [2023-05-08T18:25:21.133441+00:00] OpenEMR.DEBUG: ScopeRepository->getScopeEntityByIdentifier() scope requested exists in system {"identifier":"system/Person.read"} []
[Mon May 08 18:25:21.133494 2023] [php:notice] [pid 2125] [client 172.21.0.1:58300] [2023-05-08T18:25:21.133479+00:00] OpenEMR.DEBUG: ScopeRepository->getScopeEntityByIdentifier() scope requested exists in system {"identifier":"system/Practitioner.read"} []
[Mon May 08 18:25:21.133528 2023] [php:notice] [pid 2125] [client 172.21.0.1:58300] [2023-05-08T18:25:21.133506+00:00] OpenEMR.DEBUG: ScopeRepository->getScopeEntityByIdentifier() scope requested exists in system {"identifier":"system/PractitionerRole.read"} []
[Mon May 08 18:25:21.133553 2023] [php:notice] [pid 2125] [client 172.21.0.1:58300] [2023-05-08T18:25:21.133538+00:00] OpenEMR.DEBUG: ScopeRepository->getScopeEntityByIdentifier() scope requested exists in system {"identifier":"system/Procedure.read"} []
[Mon May 08 18:25:21.133573 2023] [php:notice] [pid 2125] [client 172.21.0.1:58300] [2023-05-08T18:25:21.133559+00:00] OpenEMR.DEBUG: ScopeRepository->getScopeEntityByIdentifier() scope requested exists in system {"identifier":"system/Provenance.read"} []
[Mon May 08 18:25:21.133593 2023] [php:notice] [pid 2125] [client 172.21.0.1:58300] [2023-05-08T18:25:21.133579+00:00] OpenEMR.DEBUG: ScopeRepository->getScopeEntityByIdentifier() scope requested exists in system {"identifier":"user/AllergyIntolerance.read"} []
[Mon May 08 18:25:21.133614 2023] [php:notice] [pid 2125] [client 172.21.0.1:58300] [2023-05-08T18:25:21.133600+00:00] OpenEMR.DEBUG: ScopeRepository->getScopeEntityByIdentifier() scope requested exists in system {"identifier":"user/Appointment.read"} []
[Mon May 08 18:25:21.133641 2023] [php:notice] [pid 2125] [client 172.21.0.1:58300] [2023-05-08T18:25:21.133619+00:00] OpenEMR.DEBUG: ScopeRepository->getScopeEntityByIdentifier() scope requested exists in system {"identifier":"user/Binary.read"} []
[Mon May 08 18:25:21.133667 2023] [php:notice] [pid 2125] [client 172.21.0.1:58300] [2023-05-08T18:25:21.133651+00:00] OpenEMR.DEBUG: ScopeRepository->getScopeEntityByIdentifier() scope requested exists in system {"identifier":"user/CarePlan.read"} []
[Mon May 08 18:25:21.133686 2023] [php:notice] [pid 2125] [client 172.21.0.1:58300] [2023-05-08T18:25:21.133672+00:00] OpenEMR.DEBUG: ScopeRepository->getScopeEntityByIdentifier() scope requested exists in system {"identifier":"user/CareTeam.read"} []
[Mon May 08 18:25:21.133712 2023] [php:notice] [pid 2125] [client 172.21.0.1:58300] [2023-05-08T18:25:21.133692+00:00] OpenEMR.DEBUG: ScopeRepository->getScopeEntityByIdentifier() scope requested exists in system {"identifier":"user/Condition.read"} []
[Mon May 08 18:25:21.133746 2023] [php:notice] [pid 2125] [client 172.21.0.1:58300] [2023-05-08T18:25:21.133729+00:00] OpenEMR.DEBUG: ScopeRepository->getScopeEntityByIdentifier() scope requested exists in system {"identifier":"user/Coverage.read"} []
[Mon May 08 18:25:21.133799 2023] [php:notice] [pid 2125] [client 172.21.0.1:58300] [2023-05-08T18:25:21.133765+00:00] OpenEMR.DEBUG: ScopeRepository->getScopeEntityByIdentifier() scope requested exists in system {"identifier":"user/Device.read"} []
[Mon May 08 18:25:21.133845 2023] [php:notice] [pid 2125] [client 172.21.0.1:58300] [2023-05-08T18:25:21.133825+00:00] OpenEMR.DEBUG: ScopeRepository->getScopeEntityByIdentifier() scope requested exists in system {"identifier":"user/DiagnosticReport.read"} []
[Mon May 08 18:25:21.133888 2023] [php:notice] [pid 2125] [client 172.21.0.1:58300] [2023-05-08T18:25:21.133856+00:00] OpenEMR.DEBUG: ScopeRepository->getScopeEntityByIdentifier() scope requested exists in system {"identifier":"user/DocumentReference.$docref"} []
[Mon May 08 18:25:21.133918 2023] [php:notice] [pid 2125] [client 172.21.0.1:58300] [2023-05-08T18:25:21.133903+00:00] OpenEMR.DEBUG: ScopeRepository->getScopeEntityByIdentifier() scope requested exists in system {"identifier":"user/DocumentReference.read"} []
[Mon May 08 18:25:21.133938 2023] [php:notice] [pid 2125] [client 172.21.0.1:58300] [2023-05-08T18:25:21.133924+00:00] OpenEMR.DEBUG: ScopeRepository->getScopeEntityByIdentifier() scope requested exists in system {"identifier":"user/Encounter.read"} []
[Mon May 08 18:25:21.133963 2023] [php:notice] [pid 2125] [client 172.21.0.1:58300] [2023-05-08T18:25:21.133948+00:00] OpenEMR.DEBUG: ScopeRepository->getScopeEntityByIdentifier() scope requested exists in system {"identifier":"user/Goal.read"} []
[Mon May 08 18:25:21.133983 2023] [php:notice] [pid 2125] [client 172.21.0.1:58300] [2023-05-08T18:25:21.133969+00:00] OpenEMR.DEBUG: ScopeRepository->getScopeEntityByIdentifier() scope requested exists in system {"identifier":"user/Immunization.read"} []
[Mon May 08 18:25:21.134003 2023] [php:notice] [pid 2125] [client 172.21.0.1:58300] [2023-05-08T18:25:21.133989+00:00] OpenEMR.DEBUG: ScopeRepository->getScopeEntityByIdentifier() scope requested exists in system {"identifier":"user/Location.read"} []
[Mon May 08 18:25:21.134037 2023] [php:notice] [pid 2125] [client 172.21.0.1:58300] [2023-05-08T18:25:21.134013+00:00] OpenEMR.DEBUG: ScopeRepository->getScopeEntityByIdentifier() scope requested exists in system {"identifier":"user/Medication.read"} []
[Mon May 08 18:25:21.134092 2023] [php:notice] [pid 2125] [client 172.21.0.1:58300] [2023-05-08T18:25:21.134056+00:00] OpenEMR.DEBUG: ScopeRepository->getScopeEntityByIdentifier() scope requested exists in system {"identifier":"user/MedicationRequest.read"} []
[Mon May 08 18:25:21.134181 2023] [php:notice] [pid 2125] [client 172.21.0.1:58300] [2023-05-08T18:25:21.134118+00:00] OpenEMR.DEBUG: ScopeRepository->getScopeEntityByIdentifier() scope requested exists in system {"identifier":"user/Observation.read"} []
[Mon May 08 18:25:21.134236 2023] [php:notice] [pid 2125] [client 172.21.0.1:58300] [2023-05-08T18:25:21.134210+00:00] OpenEMR.DEBUG: ScopeRepository->getScopeEntityByIdentifier() scope requested exists in system {"identifier":"user/Organization.read"} []
[Mon May 08 18:25:21.134268 2023] [php:notice] [pid 2125] [client 172.21.0.1:58300] [2023-05-08T18:25:21.134250+00:00] OpenEMR.DEBUG: ScopeRepository->getScopeEntityByIdentifier() scope requested exists in system {"identifier":"user/Organization.write"} []
[Mon May 08 18:25:21.134335 2023] [php:notice] [pid 2125] [client 172.21.0.1:58300] [2023-05-08T18:25:21.134295+00:00] OpenEMR.DEBUG: ScopeRepository->getScopeEntityByIdentifier() scope requested exists in system {"identifier":"user/Patient.read"} []
[Mon May 08 18:25:21.134405 2023] [php:notice] [pid 2125] [client 172.21.0.1:58300] [2023-05-08T18:25:21.134363+00:00] OpenEMR.DEBUG: ScopeRepository->getScopeEntityByIdentifier() scope requested exists in system {"identifier":"user/Patient.write"} []
[Mon May 08 18:25:21.134471 2023] [php:notice] [pid 2125] [client 172.21.0.1:58300] [2023-05-08T18:25:21.134433+00:00] OpenEMR.DEBUG: ScopeRepository->getScopeEntityByIdentifier() scope requested exists in system {"identifier":"user/Person.read"} []
[Mon May 08 18:25:21.134532 2023] [php:notice] [pid 2125] [client 172.21.0.1:58300] [2023-05-08T18:25:21.134497+00:00] OpenEMR.DEBUG: ScopeRepository->getScopeEntityByIdentifier() scope requested exists in system {"identifier":"user/Practitioner.read"} []
[Mon May 08 18:25:21.134597 2023] [php:notice] [pid 2125] [client 172.21.0.1:58300] [2023-05-08T18:25:21.134561+00:00] OpenEMR.DEBUG: ScopeRepository->getScopeEntityByIdentifier() scope requested exists in system {"identifier":"user/Practitioner.write"} []
[Mon May 08 18:25:21.134646 2023] [php:notice] [pid 2125] [client 172.21.0.1:58300] [2023-05-08T18:25:21.134626+00:00] OpenEMR.DEBUG: ScopeRepository->getScopeEntityByIdentifier() scope requested exists in system {"identifier":"user/PractitionerRole.read"} []
[Mon May 08 18:25:21.134692 2023] [php:notice] [pid 2125] [client 172.21.0.1:58300] [2023-05-08T18:25:21.134661+00:00] OpenEMR.DEBUG: ScopeRepository->getScopeEntityByIdentifier() scope requested exists in system {"identifier":"user/Procedure.read"} []
[Mon May 08 18:25:21.134749 2023] [php:notice] [pid 2125] [client 172.21.0.1:58300] [2023-05-08T18:25:21.134711+00:00] OpenEMR.DEBUG: ScopeRepository->getScopeEntityByIdentifier() scope requested exists in system {"identifier":"user/Provenance.read"} []
[Mon May 08 18:25:21.136715 2023] [php:notice] [pid 2125] [client 172.21.0.1:58300] [2023-05-08T18:25:21.136372+00:00] OpenEMR.DEBUG: ScopeRepository->finalizeScopes() scopes finalized  {"finalizedScopes":["openid","fhirUser","online_access","api:oemr","api:fhir","api:port","system/Patient.$export","system/Group.$export","system/*.$bulkdata-status","system/*.$export","profile","name","address","given_name","family_name","nickname","phone","phone_verified","email","email_verified","site:default","patient/AllergyIntolerance.read","patient/Appointment.read","patient/Binary.read","patient/CarePlan.read","patient/CareTeam.read","patient/Condition.read","patient/Coverage.read","patient/Device.read","patient/DiagnosticReport.read","patient/DocumentReference.$docref","patient/DocumentReference.read","patient/Encounter.read","patient/Goal.read","patient/Immunization.read","patient/Location.read","patient/Medication.read","patient/MedicationRequest.read","patient/Observation.read","patient/Organization.read","patient/Patient.read","patient/Person.read","patient/Practitioner.read","patient/Procedure.read","patient/Provenance.read","system/AllergyIntolerance.read","system/Appointment.read","system/Binary.read","system/CarePlan.read","system/CareTeam.read","system/Condition.read","system/Coverage.read","system/Device.read","system/DiagnosticReport.read","system/DocumentReference.$docref","system/DocumentReference.read","system/Encounter.read","system/Goal.read","system/Group.read","system/Immunization.read","system/Location.read","system/Medication.read","system/MedicationRequest.read","system/Observation.read","system/Organization.read","system/Patient.read","system/Person.read","system/Practitioner.read","system/PractitionerRole.read","system/Procedure.read","system/Provenance.read","user/AllergyIntolerance.read","user/Appointment.read","user/Binary.read","user/CarePlan.read","user/CareTeam.read","user/Condition.read","user/Coverage.read","user/Device.read","user/DiagnosticRep
ort.read","user/DocumentReference.$docref","user/DocumentReference.read","user/Encounter.read","user/Goal.read","user/Immunization.read","user/Location.read","user/Medication.read","user/MedicationRequest.read","user/Observation.read","user/Organization.read","user/Organization.write","user/Patient.read","user/Patient.write","user/Person.read","user/Practitioner.read","user/Practitioner.write","user/PractitionerRole.read","user/Procedure.read","user/Provenance.read","site:default"],"clientScopes":["openid","fhirUser","online_access","offline_access","launch","launch/patient","api:oemr","api:fhir","api:port","system/Patient.$export","system/Group.$export","system/*.$bulkdata-status","system/*.$export","profile","name","address","given_name","family_name","nickname","phone","phone_verified","email","email_verified","site:default","patient/AllergyIntolerance.read","patient/Appointment.read","patient/Binary.read","patient/CarePlan.read","patient/CareTeam.read","patient/Condition.read","patient/Coverage.read","patient/Device.read","patient/DiagnosticReport.read","patient/DocumentReference.$docref","patient/DocumentReference.read","patient/Encounter.read","patient/Goal.read","patient/Immunization.read","patient/Location.read","patient/Medication.read","patient/MedicationRequest.read","patient/Observation.read","patient/Organization.read","patient/Patient.read","patient/Person.read","patient/Practitioner.read","patient/Procedure.read","patient/Provenance.read","system/AllergyIntolerance.read","system/Appointment.read","system/Binary.read","system/CarePlan.read","system/CareTeam.read","system/Condition.read","system/Coverage.read","system/Device.read","system/DiagnosticReport.read","system/DocumentReference.$docref","system/DocumentReference.read","system/Encounter.read","system/Goal.read","system/Group.read","system/Immunization.read","system/Location.read","system/Medication.read","system/MedicationRequest.read","system/Observation.read","system/Organization.read","system
/Patient.read","system/Person.read","system/Practitioner.read","system/PractitionerRole.read","system/Procedure.read","system/Provenance.read","user/AllergyIntolerance.read","user/Appointment.read","user/Binary.read","user/CarePlan.read","user/CareTeam.read","user/Condition.read","user/Coverage.read","user/Device.read","user/DiagnosticReport.read","user/DocumentReference.$docref","user/DocumentReference.read","user/Encounter.read","user/Goal.read","user/Immunization.read","user/Location.read","user/Medication.read","user/MedicationRequest.read","user/Observation.read","user/Organization.read","user/Organization.write","user/Patient.read","user/Patient.write","user/Person.read","user/Practitioner.read","user/Practitioner.write","user/PractitionerRole.read","user/Procedure.read","user/Provenance.read"],"initialScopes":["openid","fhirUser","online_access","api:oemr","api:fhir","api:port","system/Patient.$export","system/Group.$export","system/*.$bulkdata-status","system/*.$export","profile","name","address","given_name","family_name","nickname","phone","phone_verified","email","email_verified","site:default","patient/AllergyIntolerance.read","patient/Appointment.read","patient/Binary.read","patient/CarePlan.read","patient/CareTeam.read","patient/Condition.read","patient/Coverage.read","patient/Device.read","patient/DiagnosticReport.read","patient/DocumentReference.$docref","patient/DocumentReference.read","patient/Encounter.read","patient/Goal.read","patient/Immunization.read","patient/Location.read","patient/Medication.read","patient/MedicationRequest.read","patient/Observation.read","patient/Organization.read","patient/Patient.read","patient/Person.read","patient/Practitioner.read","patient/Procedure.read","patient/Provenance.read","system/AllergyIntolerance.read","system/Appointment.read","system/Binary.read","system/CarePlan.read","system/CareTeam.read","system/Condition.read","system/Coverage.read","system/Device.read","system/DiagnosticReport.read","system/Docume
ntReference.$docref","system/DocumentReference.read","system/Encounter.read","system/Goal.read","system/Group.read","system/Immunization.read","system/Location.read","system/Medication.read","system/MedicationRequest.read","system/Observation.read","system/Organization.read","system/Patient.read","system/Person.read","system/Practitioner.read","system/PractitionerRole.read","system/Procedure.read","system/Provenance.read","user/AllergyIntolerance.read","user/Appointment.read","user/Binary.read","user/CarePlan.read","user/CareTeam.read","user/Condition.read","user/Coverage.read","user/Device.read","user/DiagnosticReport.read","user/DocumentReference.$docref","user/DocumentReference.read","user/Encounter.read","user/Goal.read","user/Immunization.read","user/Location.read","user/Medication.read","user/MedicationRequest.read","user/Observation.read","user/Organization.read","user/Organization.write","user/Patient.read","user/Patient.write","user/Person.read","user/Practitioner.read","user/Practitioner.write","user/PractitionerRole.read","user/Procedure.read","user/Provenance.read"]} []
[Mon May 08 18:25:21.163817 2023] [php:warn] [pid 2125] [client 172.21.0.1:58300] PHP Warning:  Undefined variable $fhirUser in /var/www/localhost/htdocs/openemr/src/Common/Auth/OpenIDConnect/Entities/UserEntity.php on line 88
[Mon May 08 18:25:21.166177 2023] [php:notice] [pid 2125] [client 172.21.0.1:58300] [2023-05-08T18:25:21.166117+00:00] OpenEMR.DEBUG: IdTokenSMARTResponse->getExtraParams() params from parent  {"params":{"id_token":"eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJhdWQiOiJaVU5kYmlZeWZacXotX09FZDVNYkdsc0tFbWc0WXRBT1B4cXNqMXVWa3B3IiwiaXNzIjoiaHR0cHM6Ly9sb2NhbGhvc3Q6OTMwMS9vYXV0aDIvZGVmYXVsdCIsImlhdCI6MTY4MzU3MDMyMSwiZXhwIjoxNjgzNTcwNjIxLCJzdWIiOiI5OTE4NDlkNy1kYTU4LTQ5YjctYjVhNS04NWViNjZlMzNkOWUiLCJmaGlyVXNlciI6bnVsbCwiYXBpOm9lbXIiOnRydWUsImFwaTpmaGlyIjp0cnVlLCJhcGk6cG9ydCI6dHJ1ZX0.CeiqGjZsAO1TGogMBWAF_hrMhHFd0NUlQ3oUkd89nO-kUHNvSw4RuPcnm_JhqmhRHnd3pm-MjcjoFYhmNuHFYo_inAzSX-nLapOVKxIFLi2Q8BrMmorjwzgN_kV6YcmsHWlJ91ekc2CpJHh0Vt59tHUMlOZ0TiLAGvkb3NNRYQunqI0RtkHCbMlkopz4QGgHO58xEMt9c5pepSHo_oVXpRQtuc5RqEk_URiODI4nLQ6t2ZaVQikAr1cbO0ViNCg4dOZHNPWsngp7FJZ97mpug478Dmc3mc68cEJOUb8fJ6miMm5GcmFWHv2Hj1rg3dOiwTQigpMAeQko53IlTfxw3w"}} []
[Mon May 08 18:25:21.166317 2023] [php:notice] [pid 2125] [client 172.21.0.1:58300] [2023-05-08T18:25:21.166281+00:00] OpenEMR.DEBUG: IdTokenSMARTResponse->getExtraParams() final params {"params":{"id_token":"eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJhdWQiOiJaVU5kYmlZeWZacXotX09FZDVNYkdsc0tFbWc0WXRBT1B4cXNqMXVWa3B3IiwiaXNzIjoiaHR0cHM6Ly9sb2NhbGhvc3Q6OTMwMS9vYXV0aDIvZGVmYXVsdCIsImlhdCI6MTY4MzU3MDMyMSwiZXhwIjoxNjgzNTcwNjIxLCJzdWIiOiI5OTE4NDlkNy1kYTU4LTQ5YjctYjVhNS04NWViNjZlMzNkOWUiLCJmaGlyVXNlciI6bnVsbCwiYXBpOm9lbXIiOnRydWUsImFwaTpmaGlyIjp0cnVlLCJhcGk6cG9ydCI6dHJ1ZX0.CeiqGjZsAO1TGogMBWAF_hrMhHFd0NUlQ3oUkd89nO-kUHNvSw4RuPcnm_JhqmhRHnd3pm-MjcjoFYhmNuHFYo_inAzSX-nLapOVKxIFLi2Q8BrMmorjwzgN_kV6YcmsHWlJ91ekc2CpJHh0Vt59tHUMlOZ0TiLAGvkb3NNRYQunqI0RtkHCbMlkopz4QGgHO58xEMt9c5pepSHo_oVXpRQtuc5RqEk_URiODI4nLQ6t2ZaVQikAr1cbO0ViNCg4dOZHNPWsngp7FJZ97mpug478Dmc3mc68cEJOUb8fJ6miMm5GcmFWHv2Hj1rg3dOiwTQigpMAeQko53IlTfxw3w","scope":"openid fhirUser online_access system/Patient.$export system/Group.$export system/*.$bulkdata-status system/*.$export profile name address given_name family_name nickname phone phone_verified email email_verified patient/AllergyIntolerance.read patient/Appointment.read patient/Binary.read patient/CarePlan.read patient/CareTeam.read patient/Condition.read patient/Coverage.read patient/Device.read patient/DiagnosticReport.read patient/DocumentReference.$docref patient/DocumentReference.read patient/Encounter.read patient/Goal.read patient/Immunization.read patient/Location.read patient/Medication.read patient/MedicationRequest.read patient/Observation.read patient/Organization.read patient/Patient.read patient/Person.read patient/Practitioner.read patient/Procedure.read patient/Provenance.read system/AllergyIntolerance.read system/Appointment.read system/Binary.read system/CarePlan.read system/CareTeam.read system/Condition.read system/Coverage.read system/Device.read system/DiagnosticReport.read system/DocumentReference.$docref system/DocumentReference.read 
system/Encounter.read system/Goal.read system/Group.read system/Immunization.read system/Location.read system/Medication.read system/MedicationRequest.read system/Observation.read system/Organization.read system/Patient.read system/Person.read system/Practitioner.read system/PractitionerRole.read system/Procedure.read system/Provenance.read user/AllergyIntolerance.read user/Appointment.read user/Binary.read user/CarePlan.read user/CareTeam.read user/Condition.read user/Coverage.read user/Device.read user/DiagnosticReport.read user/DocumentReference.$docref user/DocumentReference.read user/Encounter.read user/Goal.read user/Immunization.read user/Location.read user/Medication.read user/MedicationRequest.read user/Observation.read user/Organization.read user/Organization.write user/Patient.read user/Patient.write user/Person.read user/Practitioner.read user/Practitioner.write user/PractitionerRole.read user/Procedure.read user/Provenance.read"}} []
[Mon May 08 18:25:21.400273 2023] [php:notice] [pid 2115] [client 172.21.0.1:58312] [2023-05-08T18:25:21.399683+00:00] OpenEMR.DEBUG: dispatch.php authenticating user [] []
[Mon May 08 18:25:21.407479 2023] [php:notice] [pid 2115] [client 172.21.0.1:58312] [2023-05-08T18:25:21.407440+00:00] OpenEMR.ERROR: OpenEMR Error: api failed because user role does not have access to the resource {"resource":"/api/patient/99185485-1eb9-4154-8f09-cbc468fb024c/document","userRole":"system"} []

If you use both the standard and FHIR API, you need to make sure your client app and your access token have the api:oemr and the api:fhir scopes.

Thanks for your quick response. That’s the thing, I’m requesting both scopes:

    const response = await clientHttp.request({
      url: `${this.host}/oauth2/default/token`,
      method: 'post',
      headers: {
        'content-type': 'application/x-www-form-urlencoded'
      },
      data: qs.stringify({
        grant_type: 'client_credentials',
        client_assertion_type: 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer',
        scope: 'openid fhirUser online_access api:oemr api:fhir api:port system/Patient.$export system/Group.$export system/*.$bulkdata-status system/*.$export profile name address given_name family_name nickname phone phone_verified email email_verified site:default patient/AllergyIntolerance.read patient/Appointment.read patient/Binary.read patient/CarePlan.read patient/CareTeam.read patient/Condition.read patient/Coverage.read patient/Device.read patient/DiagnosticReport.read patient/DocumentReference.$docref patient/DocumentReference.read patient/Encounter.read patient/Goal.read patient/Immunization.read patient/Location.read patient/Medication.read patient/MedicationRequest.read patient/Observation.read patient/Organization.read patient/Patient.read patient/Person.read patient/Practitioner.read patient/Procedure.read patient/Provenance.read system/AllergyIntolerance.read system/Appointment.read system/Binary.read system/CarePlan.read system/CareTeam.read system/Condition.read system/Coverage.read system/Device.read system/DiagnosticReport.read system/DocumentReference.$docref system/DocumentReference.read system/Encounter.read system/Goal.read system/Group.read system/Immunization.read system/Location.read system/Medication.read system/MedicationRequest.read system/Observation.read system/Organization.read system/Patient.read system/Person.read system/Practitioner.read system/PractitionerRole.read system/Procedure.read system/Provenance.read user/AllergyIntolerance.read user/Appointment.read user/Binary.read user/CarePlan.read user/CareTeam.read user/Condition.read user/Coverage.read user/Device.read user/DiagnosticReport.read user/DocumentReference.$docref user/DocumentReference.read user/Encounter.read user/Goal.read user/Immunization.read user/Location.read user/Medication.read user/MedicationRequest.read user/Observation.read user/Organization.read user/Organization.write user/Patient.read user/Patient.write user/Person.read user/Practitioner.read user/Practitioner.write user/PractitionerRole.read user/Procedure.read user/Provenance.read',
        client_assertion: token
      })
    });

But for some reason I only get access to the FHIR API.

Also my client registration has both scopes.

@adunsulag I looked a bit further into the OpenEMR dispatch.php logic. I see the following:

    if (
        // fhir routes are the default and can send openid/fhirUser w/ authorization_code, or no scopes at all
        // with Client Credentials, so we only reject requests for standard or portal if the correct scope is not
        // sent.
        ($gbl::is_api_request($resource) && !in_array('api:oemr', $GLOBALS['oauth_scopes'])) ||
        ($gbl::is_portal_request($resource) && !in_array('api:port', $GLOBALS['oauth_scopes']))
    ) {
        $logger->error("dispatch.php api call with token that does not cover the requested route");
        $gbl::destroySession();
        http_response_code(401);
        exit();
    }
    // ensure user role has access to the resource
    //  for now assuming:
    //   users has access to oemr and fhir
    //   patient has access to port and fhir
    if ($userRole == 'users' && ($gbl::is_api_request($resource) || $gbl::is_fhir_request($resource))) {
        $logger->debug("dispatch.php valid role and user has access to api/fhir resource", ['resource' => $resource]);
        // good to go
    } elseif ($userRole == 'patient' && ($gbl::is_portal_request($resource) || $gbl::is_fhir_request($resource))) {
        $logger->debug("dispatch.php valid role and patient has access portal resource", ['resource' => $resource]);
        // good to go
    } elseif ($userRole === 'system' && ($gbl::is_fhir_request($resource))) {
        $logger->debug("dispatch.php valid role and system has access to api/fhir resource", ['resource' => $resource]);
    } else {
        $logger->error("OpenEMR Error: api failed because user role does not have access to the resource", ['resource' => $resource, 'userRole' => $userRole]);
        $gbl::destroySession();
        http_response_code(401);
        exit();
    }

In the system role check it seems to check only for FHIR routes, and not the normal API routes. Is this intentional?

I’m using the client_credentials flow. I assume that by default this gives me the system role. Can I also change the authorization request so I get a patient or user role?

Yea, we intentionally siloed the client_credentials grant to using the FHIR APIs. The security review by the admin team felt standard APIs weren’t built at that time to handle an unrestricted super admin that bypasses all the ACL checks.

Right now client_credentials locks you down to that system user role; users and patients roles are established through one of the other grant types. I recognize this is probably going to be a pain point for what you are trying to do.

I’d like to revamp that whole permissions check (which as you can tell is pretty gnarly), but I haven’t been able to get to it yet.
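The two checks in the dispatch.php excerpt above, modelled as an added example (not OpenEMR code and not part of any post in this thread): it shows that the logged 401 comes from the role gate rather than the scope gate, so a `system` token is refused on `/api/` routes even when `api:oemr` is present. Detecting the route family by path prefix, the function names and the sample resources are assumptions made for illustration.

```javascript
// Added example: a model of the two gates in the quoted dispatch.php excerpt.
// Assumption: route families are told apart by resource prefix, as suggested by
// the logged "resource" value (/api/...); is_api_request() etc. are not shown here.
function routeFamily(resource) {
  for (const family of ['fhir', 'api', 'portal']) {
    if (resource.startsWith(`/${family}/`)) return family;
  }
  return 'unknown';
}

// Role -> route families, as granted by the if/elseif chain in the excerpt.
const ROLE_ROUTES = new Map([
  ['users', ['api', 'fhir']],
  ['patient', ['portal', 'fhir']],
  ['system', ['fhir']],
]);

// Error messages copied from the excerpt; each gate logs a different one.
const SCOPE_MSG = 'dispatch.php api call with token that does not cover the requested route';
const ROLE_MSG = 'api failed because user role does not have access to the resource';

function authorize({ resource, userRole, scopes }) {
  const family = routeFamily(resource);
  // Gate 1: only standard and portal routes demand an api:* scope.
  if ((family === 'api' && !scopes.includes('api:oemr')) ||
      (family === 'portal' && !scopes.includes('api:port'))) {
    return { status: 401, gate: 'scope', log: SCOPE_MSG };
  }
  // Gate 2: the role must be allowed on this route family, whatever the scopes.
  const families = ROLE_ROUTES.get(userRole) || [];
  if (families.includes(family)) return { status: 200, gate: null, log: null };
  return { status: 401, gate: 'role', log: ROLE_MSG };
}

// Tell from an error-log line which gate produced the 401.
function gateFromLog(line) {
  if (line.includes(SCOPE_MSG)) return 'scope';
  if (line.includes(ROLE_MSG)) return 'role';
  return null;
}

// Decision matrix for every role over one sample resource per route family.
// The three resources are constructed samples.
function matrix(scopes) {
  const rows = [];
  for (const role of ROLE_ROUTES.keys()) {
    for (const resource of ['/fhir/Patient', '/api/patient', '/portal/patient']) {
      const { status, gate } = authorize({ resource, userRole: role, scopes });
      rows.push({ role, resource, status, gate });
    }
  }
  return rows;
}

// Message part of the error line from the log in this thread.
const SAMPLE_LOG = 'OpenEMR.ERROR: OpenEMR Error: api failed because user role does not ' +
  'have access to the resource {"resource":"/api/patient/99185485-1eb9-4154-8f09-cbc468fb024c/document","userRole":"system"} []';

const ALL_API_SCOPES = ['api:oemr', 'api:fhir', 'api:port'];
console.log('gate that rejected the logged request:', gateFromLog(SAMPLE_LOG));
console.table(matrix(ALL_API_SCOPES));
```
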

Thanks for the reply. That explains it.

I’m looking for a way to obtain an access_token in an API only flow. I guess that leaves me with the password grant flow, right? According to the documentation the authorization code grant relies on a browser flow.

Yea, password grant flow should let you do that. I haven’t played with the password grant much at all as we plan on removing it in the future. I know others are using it so it should work for you.

Sounds like we’ll need to fix the credentials_grant stuff before we remove password grant to make sure we keep support for this use case.