Situation
I followed this doc:
to register a private client API on OpenEMR using the client_credentials grant_type. I was able to get the access token by sending a POST request to oauth2/default/token with the body:
```json
{
  "grant_type": "client_credentials",
  "client_assertion_type": "urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
  "scopes": "openid fhirUser online_access offline_access launch launch/patient api:fhir patient/AllergyIntolerance.read patient/Appointment.read patient/Binary.read patient/CarePlan.read patient/CareTeam.read patient/Condition.read patient/Coverage.read patient/Device.read patient/DiagnosticReport.read patient/DocumentReference.read patient/DocumentReference.$docref patient/Encounter.read patient/Goal.read patient/Immunization.read patient/Location.read patient/MedicationRequest.read patient/Medication.read patient/Observation.read patient/Organization.read patient/Patient.read patient/Person.read patient/Practitioner.read patient/Procedure.read patient/Provenance.read system/AllergyIntolerance.read system/Binary.read system/CarePlan.read system/CareTeam.read system/Condition.read system/Coverage.read system/Device.read system/DiagnosticReport.read system/DocumentReference.read system/DocumentReference.$docref system/Encounter.read system/Goal.read system/Group.read system/Group.$export system/Immunization.read system/Location.read system/MedicationRequest.read system/Medication.read system/Observation.read system/Organization.read system/Patient.read system/Patient.$export system/Person.read system/Practitioner.read system/PractitionerRole.read system/Procedure.read system/Provenance.read system/.$bulkdata-status system/.$export user/AllergyIntolerance.read user/Binary.read user/CarePlan.read user/CareTeam.read user/Condition.read user/Coverage.read user/Device.read user/DiagnosticReport.read user/DocumentReference.read user/DocumentReference.$docref user/Encounter.read user/Goal.read user/Immunization.read user/Location.read user/MedicationRequest.read user/Medication.read user/Observation.read user/Organization.read user/Organization.write user/Patient.read user/Patient.write user/Person.read user/Practitioner.read user/Practitioner.write user/PractitionerRole.read user/Procedure.read user/Provenance.read api:oemr user/allergy.read user/allergy.write user/appointment.read user/appointment.write user/dental_issue.read user/dental_issue.write user/document.read user/document.write user/drug.read user/encounter.read user/encounter.write user/facility.read user/facility.write user/immunization.read user/insurance.read user/insurance.write user/insurance_company.read user/insurance_company.write user/insurance_type.read user/list.read user/medical_problem.read user/medical_problem.write user/medication.read user/medication.write user/message.write user/patient.read user/patient.write user/practitioner.read user/practitioner.write user/prescription.read user/procedure.read user/soap_note.read user/soap_note.write user/surgery.read user/surgery.write user/transaction.read user/transaction.write user/vital.read user/vital.write api:port patient/encounter.read patient/patient.read patient/appointment.read",
  "client_assertion": "jwt encoded token"
}
```
When I use the token as bearer auth on the GET endpoint /fhir/Patient, I get a 200 status code and the list of all patients. But when I follow the above steps (generate a new bearer auth from the JWT) and use the new token on the same endpoint but with a POST request, I get 401 Unauthorized.
I change the jti value in the JWT payload every time to generate a unique JWT-encoded token.
OpenEMR Version
I’m using OpenEMR version 7.0.0
Browser:
I’m using: POSTMAN
Operating System
I’m using: OpenEMR from AWS lightsail
Logs
Did you check the logs? Yes
Was there anything pertinent in them? No just warning:
```
[Thu Mar 23 17:46:06.190919 2023] [mpm_prefork:notice] [pid 156] AH00163: Apache/2.4.55 (Unix) OpenSSL/1.1.1s configured -- resuming normal operations
[Thu Mar 23 17:46:06.191075 2023] [core:notice] [pid 156] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'
[Thu Mar 23 18:03:02.926508 2023] [mpm_prefork:notice] [pid 156] AH00163: Apache/2.4.55 (Unix) OpenSSL/1.1.1s configured -- resuming normal operations
[Thu Mar 23 18:03:02.926805 2023] [core:notice] [pid 156] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'
[Thu Mar 23 18:07:12.757978 2023] [mpm_prefork:notice] [pid 156] AH00163: Apache/2.4.55 (Unix) OpenSSL/1.1.1s configured -- resuming normal operations
[Thu Mar 23 18:07:12.758135 2023] [core:notice] [pid 156] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'
[Thu Mar 23 18:16:00.591978 2023] [mpm_prefork:notice] [pid 156] AH00163: Apache/2.4.55 (Unix) OpenSSL/1.1.1s configured -- resuming normal operations
[Thu Mar 23 18:16:00.592155 2023] [core:notice] [pid 156] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'
```
You can also turn on User Debugging under Administration->Globals->Logging User Debugging Options=>All
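
Added example, not part of the original post and not OpenEMR code: a small check of which SMART v1 resource scopes in a scope string cover a given HTTP method on a FHIR resource, useful for comparing a GET that succeeds with a POST that is refused. It assumes that a `client_credentials` token is evaluated only against `system/` scopes (the SMART Backend Services convention) and that GET maps to `read` and POST to `write`; the scope string is a constructed subset of the one in the request above, and all function names are hypothetical.

```python
import re

# Constructed subset of the scope string shown in the request body above.
REQUESTED = (
    "openid api:fhir system/Patient.read system/Patient.$export "
    "user/Patient.read user/Patient.write patient/Patient.read"
)

# SMART v1 resource scope: <context>/<resource>.<permission>
SCOPE_RE = re.compile(r"^(patient|user|system)/([A-Za-z*]+)\.(read|write|\*)$")

# Assumption: the permission each HTTP method needs on a FHIR resource endpoint.
METHOD_PERMISSION = {
    "GET": "read", "HEAD": "read",
    "POST": "write", "PUT": "write", "PATCH": "write", "DELETE": "write",
}


def parse_scopes(scope_string):
    """Return {(context, resource, permission)}; non-resource scopes such as
    'openid', 'api:fhir' or operation scopes like '$export' are skipped."""
    parsed = set()
    for token in scope_string.split():
        match = SCOPE_RE.match(token)
        if match:
            parsed.add(match.groups())
    return parsed


def covering_scopes(scope_string, method, resource, contexts=("system",)):
    """List the scopes that would authorize `method` on `resource`
    when only the given scope contexts are honoured."""
    needed = METHOD_PERMISSION[method.upper()]
    hits = []
    for ctx, res, perm in sorted(parse_scopes(scope_string)):
        if ctx in contexts and res in (resource, "*") and perm in (needed, "*"):
            hits.append(f"{ctx}/{res}.{perm}")
    return hits


if __name__ == "__main__":
    for method in ("GET", "POST"):
        hits = covering_scopes(REQUESTED, method, "Patient")
        print(method, "/fhir/Patient ->", hits or "no system/ scope covers this")
```

Run the same check against the `scope` value returned in the token response rather than the requested list, since a server may grant fewer scopes than were asked for.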