Getting 401 - Unauthorized error for API calls while using Client Credentials Grant

Mandrake · September 26, 2022, 8:56pm

Situation
I was successfully able to register and get the token for Client Credentials Grant. However, getting 401 - Unauthorized error for API calls.

Here are some details:
Scope:
openid offline_access api:oemr api:fhir api:port user/allergy.read user/allergy.write user/appointment.read user/appointment.write user/dental_issue.read user/dental_issue.write user/document.read user/document.write user/drug.read user/encounter.read user/encounter.write user/facility.read user/facility.write user/immunization.read user/insurance.read user/insurance.write user/insurance_company.read user/insurance_company.write user/insurance_type.read user/list.read user/medical_problem.read user/medical_problem.write user/medication.read user/medication.write user/message.write user/patient.read user/patient.write user/practitioner.read user/practitioner.write user/prescription.read user/procedure.read user/soap_note.read user/soap_note.write user/surgery.read user/surgery.write user/vital.read user/vital.write user/AllergyIntolerance.read user/CareTeam.read user/Condition.read user/Coverage.read user/Encounter.read user/Immunization.read user/Location.read user/Medication.read user/MedicationRequest.read user/Observation.read user/Organization.read user/Organization.write user/Patient.read user/Patient.write user/Practitioner.read user/Practitioner.write user/PractitionerRole.read user/Procedure.read patient/AllergyIntolerance.read patient/CareTeam.read patient/Condition.read patient/Immunization.read patient/MedicationRequest.read patient/Observation.read patient/Procedure.read

FHIR API Call:
https://xyz/openemr/apis/default/fhir/Patient

Error Log:
[Mon Sep 26 20:52:36.013364 2022] [php7:notice] [pid 1093] [client 104.189.146.210:22662] [2022-09-26T20:52:36.013338+00:00] OpenEMR.DEBUG: RestConfig::scope_check scope not in access token {“scope”:“system/Patient.read”,“scopes_granted”:[“site:default”]} []

OpenEMR Version
I’m using OpenEMR version : 7.0.0 (Patch 1)

Browser:
I’m using: Postman

Operating System
I’m using: Linux

Logs
Did you check the logs?
Was there anything pertinent in them?
Please paste them here (surround with three backticks (```) for readability.
You can also turn on User Debugging under Administration->Globals->Logging User Debugging Options=>All

Mandrake · September 28, 2022, 1:25am

Update: I was able to resolve this issue. I was getting this error because of following two issues:

Scope definition didn’t have system scopes. I added following to the scope:

“openid offline_access api:oemr api:fhir api:port patient/Patient.read patient/Procedure.read system/Patient.read system/AllergyIntolerance.read system/CarePlan.read system/CareTeam.read system/Condition.read system/Coverage.read system/Device.read system/DiagnosticReport.read system/Document.read system/DocumentReference.read system/Encounter.read system/Goal.read system/Group.read system/Immunization.read system/Location.read system/Medication.read system/MedicationRequest.read system/Observation.read system/Organization.read system/Person.read system/Practitioner.read system/PractitionerRole.read system/Procedure.read system/Provenance.read”

System Scope was enabled. I enabled the system scope:
“Admin->Globals->Connectors->Enable OpenEMR FHIR System Scopes (Turn on only if you know what you are doing)”