VBregman
(VBregman)
March 21, 2022, 12:29pm
1
Hi Team,
I’m using an openemr docker 6.1.0-dev. At this point I’m basically trying to replicate the first FHIR lesson https://www.youtube.com/watch?v=LQHNRBgg6Q8&ab_channel=OpenEMR
But for some reason I cannot authorize using Swagger. The response I’m getting is
{"error":"invalid_client","error_description":"Client authentication failed","message":"Client authentication failed"}
I made sure that the app is enabled in System - API Clients and both ID and secret ID are valid.
Any ideas appreciated.
adunsulag
(Stephen Nielson)
March 21, 2022, 2:36pm
3
@VBregman Can you turn on the debugging API logs in Admin → Globals → Logging → System Error Logging Options and then post your logs when you attempt the swagger authentication?
I just tested the swagger setup and the client registration is working on our development demos. If you can give us the logs when you attempt the client auth on swagger, that will help us figure out if it's a bug or something set up wrong on your system. Here is the development demo link I tried:
Demo Link: https://eleven.openemr.io/openemr/
Swagger URL: Swagger UI
VBregman
(VBregman)
March 21, 2022, 3:26pm
4
Hi @adunsulag and thanks for the prompt answer. Can you please guide me in finding the system logs?
I’ve enabled debug mode but not sure where to find system logs themselves. There is nothing particularly interesting in Admin - System - Logs. So they must be hiding in filesystem somewhere?
adunsulag
(Stephen Nielson)
March 21, 2022, 3:34pm
5
It depends on how you’ve installed your OpenEMR instance but the API logs get written out to the standard PHP error log location for your server. For Linux running Apache they are stored in /var/logs/apache2/error.log. This is the default for our docker machines in OpenEMR.
VBregman
(VBregman)
March 21, 2022, 4:06pm
6
VBregman
(VBregman)
March 21, 2022, 5:00pm
7
Sorry, got a little bit stuck with the logs until I realized they are inside of the container. Here are the logs after unsuccessful client authorization:
[Mon Mar 21 16:58:32.955321 2022] [php:warn] [pid 151] [client 192.168.123.5:51670] PHP Warning: Undefined array key "nonce" in /var/www/localhost/htdocs/openemr/src/RestControllers/AuthorizationController.php on line 512, referer: http://192.168.123.254/swagger/index.html
[Mon Mar 21 16:58:32.955676 2022] [php:notice] [pid 151] [client 192.168.123.5:51670] [2022-03-21T16:58:32.955471+00:00] OpenEMR.DEBUG: AuthorizationController->oauthAuthorizationFlow() request query params {"queryParams":{"_REWRITE_COMMAND":"default/authorize","response_type":"code","client_id":"kf2n2iOFv4SSnY8pfnZMjBIRbQ32_qEgcG4S2Ox6G34","redirect_uri":"http://192.168.123.254/swagger/oauth2-redirect.html","scope":"openid offline_access api:fhir patient/AllergyIntolerance.read patient/CarePlan.read patient/CareTeam.read patient/Condition.read patient/Device.read patient/DiagnosticReport.read patient/DocumentReference.read patient/Encounter.read patient/Goal.read patient/Immunization.read patient/Location.read patient/Medication.read patient/MedicationRequest.read patient/Observation.read patient/Organization.read patient/Patient.read patient/Person.read patient/Practitioner.read patient/Procedure.read patient/Provenance.read system/AllergyIntolerance.read system/CarePlan.read system/CareTeam.read system/Condition.read system/Coverage.read system/Device.read system/DiagnosticReport.read system/Document.read system/DocumentReference.read system/Encounter.read system/Goal.read system/Group.read system/Immunization.read system/Location.read system/Medication.read system/MedicationRequest.read system/Observation.read system/Organization.read system/Patient.read system/Person.read system/Practitioner.read system/PractitionerRole.read system/Procedure.read system/Provenance.read user/AllergyIntolerance.read user/CarePlan.read user/CareTeam.read user/Condition.read user/Coverage.read user/Device.read user/DiagnosticReport.read user/DocumentReference.read user/Encounter.read user/Goal.read user/Immunization.read user/Location.read user/Medication.read user/MedicationRequest.read user/Observation.read user/Organization.read user/Organization.write user/Patient.read user/Patient.write user/Person.read user/Practitioner.read user/Practitioner.write user/PractitionerRole.read user/Procedure.read user/Provenance.read api:oemr user/allergy.read user/allergy.write user/appointment.read user/appointment.write user/dental_issue.read user/dental_issue.write user/document.read user/document.write user/drug.read user/encounter.read user/encounter.write user/facility.read user/facility.write user/immunization.read user/insurance.read user/insurance.write user/insurance_company.read user/insurance_company.write user/insurance_type.read user/list.read user/medical_problem.read user/medical_problem.write user/medication.read user/medication.write user/message.write user/patient.read user/patient.write user/practitioner.read user/practitioner.write user/prescription.read user/procedure.read user/soap_note.read user/soap_note.write user/surgery.read user/surgery.write user/vital.read user/vital.write api:port patient/encounter.read patient/patient.read","state":"TW9uIE1hciAyMSAyMDIyIDE5OjU4OjMyIEdNVCswMzAwIChNb3Njb3cgU3RhbmRhcmQgVGltZSk=","site":"default"}} [], referer: http://192.168.123.254/swagger/index.html
[Mon Mar 21 16:58:32.959079 2022] [php:notice] [pid 151] [client 192.168.123.5:51670] [2022-03-21T16:58:32.959044+00:00] OpenEMR.DEBUG: AuthorizationController->getAuthorizationServer() creating server [] [], referer: http://192.168.123.254/swagger/index.html
[Mon Mar 21 16:58:32.963243 2022] [php:notice] [pid 151] [client 192.168.123.5:51670] [2022-03-21T16:58:32.963207+00:00] OpenEMR.DEBUG: AuthorizationController->getAuthorizationServer() grantType is authorization_code [] [], referer: http://192.168.123.254/swagger/index.html
[Mon Mar 21 16:58:32.963297 2022] [php:notice] [pid 151] [client 192.168.123.5:51670] [2022-03-21T16:58:32.963270+00:00] OpenEMR.DEBUG: logging global params {"site_addr_oath":"https://192.168.123.254 ","web_root":"","site_id":"default"} [], referer: http://192.168.123.254/swagger/index.html
[Mon Mar 21 16:58:32.965762 2022] [php:notice] [pid 151] [client 192.168.123.5:51670] [2022-03-21T16:58:32.965727+00:00] OpenEMR.DEBUG: AuthorizationController->getAuthorizationServer() authServer created [] [], referer: http://192.168.123.254/swagger/index.html
[Mon Mar 21 16:58:32.965804 2022] [php:notice] [pid 151] [client 192.168.123.5:51670] [2022-03-21T16:58:32.965783+00:00] OpenEMR.DEBUG: AuthorizationController->oauthAuthorizationFlow() attempting to validate auth request [] [], referer: http://192.168.123.254/swagger/index.html
[Mon Mar 21 16:58:32.965848 2022] [php:notice] [pid 151] [client 192.168.123.5:51670] [2022-03-21T16:58:32.965827+00:00] OpenEMR.DEBUG: Aud parameter not provided (and non-launch scenario), so not validating aud (audience) [] [], referer: http://192.168.123.254/swagger/index.html
[Mon Mar 21 16:58:32.966709 2022] [php:notice] [pid 151] [client 192.168.123.5:51670] [2022-03-21T16:58:32.966674+00:00] OpenEMR.DEBUG: ClientRepository->getClientEntity() client found {"client":{"client_name":"App0","redirect_uri":"https://192.168.123.254/swagger/oauth2-redirect.html","is_confidential":"1 "}} [], referer: http://192.168.123.254/swagger/index.html
[Mon Mar 21 16:58:32.967956 2022] [php:notice] [pid 151] [client 192.168.123.5:51670] [2022-03-21T16:58:32.967897+00:00] OpenEMR.ERROR: AuthorizationController->oauthAuthorizationFlow() OAuthServerException {"hint":"","message":"Client authentication failed","payload":{"error":"invalid_client","error_description":"Client authentication failed","message":"Client authentication failed"},"trace":"#0 /var/www/localhost/htdocs/openemr/vendor/league/oauth2-server/src/Grant/AbstractGrant.php(290): League\\OAuth2\\Server\\Exception\\OAuthServerException::invalidClient()\n#1 /var/www/localhost/htdocs/openemr/vendor/league/oauth2-server/src/Grant/AuthCodeGrant.php(269): League\\OAuth2\\Server\\Grant\\AbstractGrant->validateRedirectUri()\n#2 /var/www/localhost/htdocs/openemr/src/Common/Auth/OpenIDConnect/Grant/CustomAuthCodeGrant.php(77): League\\OAuth2\\Server\\Grant\\AuthCodeGrant->validateAuthorizationRequest()\n#3 /var/www/localhost/htdocs/openemr/vendor/league/oauth2-server/src/AuthorizationServer.php(163): OpenEMR\\Common\\Auth\\OpenIDConnect\\Grant\\CustomAuthCodeGrant->validateAuthorizationRequest()\n#4 /var/www/localhost/htdocs/openemr/src/RestControllers/AuthorizationController.php(523): League\\OAuth2\\Server\\AuthorizationServer->validateAuthorizationRequest()\n#5 /var/www/localhost/htdocs/openemr/oauth2/authorize.php(86): OpenEMR\\RestControllers\\AuthorizationController->oauthAuthorizationFlow()\n#6 {main}","redirectUri":"","errorType":"invalid_client"} [], referer: http://192.168.123.254/swagger/index.html
adunsulag
(Stephen Nielson)
March 21, 2022, 7:54pm
8
You can see here in the log that you are running the swagger page on http; see the redirect_uri here of http://192.168.123.254/swagger/oauth2-redirect.html .
However, your app is registered using https://192.168.123.254/swagger/oauth2-redirect.html , which is what is creating the problem for you, as the URLs have to match.
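The comparison described in the reply above can be automated when triaging `invalid_client` errors. This is an added example, not part of the original thread or of OpenEMR's code: it pulls the requested and the registered `redirect_uri` out of debug-log lines and reports which URL component differs. The sample lines are constructed and shortened from the log format posted above, and the function names are hypothetical. It assumes a single registered redirect URI per client and well-formed JSON in the log line.

```python
import json
from urllib.parse import urlsplit

# Constructed sample lines, shortened from the debug-log format in this thread.
SAMPLE_LOG = [
    'OpenEMR.DEBUG: AuthorizationController->oauthAuthorizationFlow() request '
    'query params {"queryParams":{"response_type":"code","redirect_uri":'
    '"http://192.168.123.254/swagger/oauth2-redirect.html","scope":"openid"}} []',
    'OpenEMR.DEBUG: ClientRepository->getClientEntity() client found '
    '{"client":{"client_name":"App0","redirect_uri":'
    '"https://192.168.123.254/swagger/oauth2-redirect.html"}} []',
]
REQUEST_MARK = "oauthAuthorizationFlow() request query params"
CLIENT_MARK = "getClientEntity() client found"


def json_after(line, marker):
    """Decode the first JSON object after marker, ignoring the log trailer."""
    start = line.index("{", line.index(marker))
    obj, _ = json.JSONDecoder().raw_decode(line[start:])
    return obj


def redirect_uris(lines):
    """Return (requested, registered) redirect URIs seen in the log lines."""
    requested = registered = None
    for line in lines:
        if REQUEST_MARK in line:
            requested = json_after(line, REQUEST_MARK)["queryParams"].get("redirect_uri")
        elif CLIENT_MARK in line:
            registered = json_after(line, CLIENT_MARK)["client"].get("redirect_uri")
    return requested, registered


def diagnose(requested, registered):
    """Compare as exact strings, then name the URL components that differ."""
    if requested is None or registered is None:
        return ["missing redirect_uri in log"]
    if requested == registered:
        return []
    a, b = urlsplit(requested), urlsplit(registered)
    diffs = [f"{p}: requested={getattr(a, p)!r} registered={getattr(b, p)!r}"
             for p in ("scheme", "hostname", "port", "path", "query")
             if getattr(a, p) != getattr(b, p)]
    return diffs or ["strings differ outside the compared components"]


if __name__ == "__main__":
    print(diagnose(*redirect_uris(SAMPLE_LOG)))
```

An empty list means the two URIs are identical; any entry names the component to correct, either in the client registration or in the URL the Swagger page is opened from.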
VBregman
(VBregman)
March 22, 2022, 7:13am
9
@adunsulag Really appreciate your support! Indeed when I used swagger with https as declared in client - works perfectly. Next step - client implementation on Postman
adunsulag
(Stephen Nielson)
March 22, 2022, 10:58am
10
Look at this project.
Convert the swagger yaml to JSON and you can import the JSON into your postman directly. Or use the project to generate your API stubs for the language that you are implementing the API in.