FHIR API OAuth2 access token issue - oapublic.key file error

Hi,

In continuation with exploring FHIR API support, I tried OAuth2 authorization and FHIR API access on the demo server at https://demo.openemr.io.

I was able to get the Authorization_Code as below; the only thing noticeable was the scope value of “openid” even though the registration was for a scope of “openid api:fhir api:oemr”.

Token Response:
{
“id_token”: “eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJhdWQiOiI4Rndobl9rWDdxWkZzNHR0WC1GUXVCMEptd3dkUG1vZTNkbmlianhnODFJIiwiaXNzIjoiaHR0cHM6XC9cL2RlbW8ub3BlbmVtci5pb1wvb3BlbmVtclwvb2F1dGgyXC9kZWZhdWx0IiwiaWF0IjoxNjE1Mzc0MDA4LCJleHAiOjE2MTUzNzc2MDgsInN1YiI6IjkyZWE5ZGRiLTVkZjYtNDJjMC04ZWZhLTJjYTc5ZjU2NDVlNSIsImFwaTpmaGlyIjp0cnVlLCJhcGk6b2VtciI6dHJ1ZX0.XL8BT441HCDvB32VA7quA2VY2MfcvyxsSHMGIdzcPJFNSNQpY5udoPo8doVPU6KHRLxBq6qsVaH0T5P-7sKsKijGibz2EuzSrjJFAVfoLjuiyTITsrj7NOJJb_Jp5KImWCdEZeno_G58UXk8BpnF3L-KfSn7rOeXiOibE2z9Ge3TRR5npy0N3DP4tmePeIMZ8O7es7SJsqf1F6HLGg5bwEbPbFSQK5suUPXqFx-nBgngU0uWopAqzZiXx1Rz3eXDdksvdavkRj8fOoT23ex3AWzpf2aMIuLYDiYcQhiW4BAXbESiJOmEN3txYWdb415HsnJ35Otezwrz7DWZjo6NfQ”,
“scope”: “openid”,
“token_type”: “Bearer”,
“expires_in”: 3600,
“access_token”: “eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJhdWQiOiI4Rndobl9rWDdxWkZzNHR0WC1GUXVCMEptd3dkUG1vZTNkbmlianhnODFJIiwianRpIjoiNDg4NzVmZDQwYWI1MWQ1OThjMzkyMDBkN2UxZWY2ZDczMWIyY2EwN2FiMjg5ZmE4NzExYjUzMTIwMWRkNjlkYzIzZjBhNWQxZGNkYzVjYzciLCJpYXQiOjE2MTUzNzQwMDgsIm5iZiI6MTYxNTM3NDAwOCwiZXhwIjoxNjE1Mzc3NjA4LCJzdWIiOiI5MmVhOWRkYi01ZGY2LTQyYzAtOGVmYS0yY2E3OWY1NjQ1ZTUiLCJzY29wZXMiOlsib3BlbmlkIiwiYXBpOmZoaXIiLCJhcGk6b2VtciIsInNpdGU6ZGVmYXVsdCJdfQ.VHTovxvh2K–4LhOsdC6dM0UuOyr_7bIuWChczN5VZJgIRYyD1x-5dJ5gct-mX8n64gagOHUCvjD5q0gXm9hB2ZFmc7JAuc2i2OaKlCJncExrp43v-mYXORtUSl30e5S3nFGCy6hADe7uv20Vb2VLSR5SA8qsDuBWQVkIWYuFVdSjIOws57gnQE1MIAkUzOBD92Zud-ioG78o_1gvT4wh4F2b_Kw1BEco2bh25Zw7OOlvyLys7dC8woCjL2U0w-ezcCfmceRWv9B6Z3-gDZ8OGCui9MwYT738FkYbDry109YNCiVBUar3mbCsWApNAYnLciL7NQLizq8BcS6-bCQSA”,
“refresh_token”: “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”
}

Next I tried to make the FHIR patient API call, passing the bearer token as the authorization header, but got the 401 Unauthorized error.

On checking the PHP log on the server at https://one.openemr.io/log/logPhp.txt, it shows the following entry for each FHIR patient request I made.

[10-Mar-2021 11:22:01 UTC] PHP Fatal error: Uncaught LogicException: Key path “file:///var/www/localhost/htdocs/a/openemr/sites/default/documents/certificates/oapublic.key” does not exist or is not readable in /var/www/localhost/htdocs/a/openemr/vendor/league/oauth2-server/src/CryptKey.php:52
Stack trace:
#0 /var/www/localhost/htdocs/a/openemr/vendor/league/oauth2-server/src/ResourceServer.php(50): League\OAuth2\Server\CryptKey->__construct(‘file:///var/www…’)
#1 /var/www/localhost/htdocs/a/openemr/_rest_config.php(201): League\OAuth2\Server\ResourceServer->__construct(Object(OpenEMR\Common\Auth\OpenIDConnect\Repositories\AccessTokenRepository), ‘/var/www/localh…’)
#2 /var/www/localhost/htdocs/a/openemr/apis/dispatch.php(59): RestConfig::verifyAccessToken()
#3 {main}
thrown in /var/www/localhost/htdocs/a/openemr/vendor/league/oauth2-server/src/CryptKey.php on line 52

From the error it seems the public key file is not accessible for some reason.

Please check the issue and fix.

Thanks,
Rajesh Maurya
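
The scope mismatch noted in the post above can be checked from the client side by decoding the access token's payload and comparing it with the `scope` field of the token response. This is an added example, not part of the original post or OpenEMR's code; it assumes the access token is a JWT carrying a `scopes` array claim, runs on a constructed sample response, and does not verify the signature.

```python
import base64
import json


def b64url_json(segment: str) -> dict:
    """Decode one base64url JWT segment (padding restored) into a dict."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def jwt_claims_unverified(token: str) -> dict:
    """Return the payload claims WITHOUT checking the signature.

    For troubleshooting only: never base an authorization decision on this.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected 3 dot-separated segments")
    return b64url_json(parts[1])


def compare_scopes(token_response: dict) -> dict:
    """Compare the response's space-separated 'scope' with the token's claim."""
    reported = set(token_response.get("scope", "").split())
    claims = jwt_claims_unverified(token_response["access_token"])
    in_token = set(claims.get("scopes", []))  # claim name is an assumption
    return {
        "only_in_response": sorted(reported - in_token),
        "only_in_token": sorted(in_token - reported),
        "expires_at": claims.get("exp"),
    }


def _make_sample_token(claims: dict) -> str:
    """Build a constructed token (dummy signature) for the sample below."""
    enc = lambda obj: base64.urlsafe_b64encode(
        json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"typ": "JWT", "alg": "RS256"}), enc(claims), "c2ln"])


# Constructed sample with the same shape as the token response in the post.
SAMPLE_RESPONSE = {
    "scope": "openid",
    "token_type": "Bearer",
    "access_token": _make_sample_token(
        {"scopes": ["openid", "api:fhir", "api:oemr"], "exp": 1700000000}),
}

if __name__ == "__main__":
    print(compare_scopes(SAMPLE_RESPONSE))
```

A non-empty `only_in_token` list means the token grants more than the response's `scope` field reports, so the 401 would have to be explained by something other than missing scopes.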

Hey Mayura,

Can you share the Postman screenshots of how you authorized it and obtained access tokens from the OpenEMR demo websites?