Getting Error While Calling the Authorization Code Grant

Hi Rajaram (@Rajaram_Selvan),

I tried the authorize URL in the browser and it opens the login screen.

url: https://openemr.probitycare.com/oauth2/default/authorize?response_type=code&client_id=hMEe1W-a8K-fURlAaF5YXz78kPLz6QRNzKXqy_DQ1xg&state=f20c0bd0c67ce665ebc1bcf9b8546e06&scope=openid email phone address api:pofh api:fhir&redirect_uri=https://demo.probitycare.com/signin/callback

Note: Please also make sure you enable the API client under Administration >> System >> API Clients.

Thanks

Rajesh

Hi Rajesh (@RajM),
I already enabled the API Clients.

Like you said,
I opened the link
https://openemr.probitycare.com/oauth2/default/provider/login

I entered the details like below.

After that I pressed the OpenEMR Login button,

and I got the form like this; it doesn't show any scopes, etc.

When I click that Authorize button, it shows the errors like below.

Please provide me the solution.

Thanks & Regards,
Raja.s

Hi Rajesh (@RajM),

Got a code as response in my callback URL.

Thanks for the guidance

What is the next step I have to do?

Hi Rajaram,

Please refer to the following post for the steps to be able to get an authorization token to access the OpenEMR API and FHIR API. Please also note the reply by Brady (@brady.miller) about the scope required for each resource that is to be accessed.

Thanks,

Rajesh Maurya

Hi Rajesh (@RajM),

While calling the Access Token I'm getting the Bad Request error like below.

Please provide me the solution.

Thanks,
Raja.s

Could I have a sample curl call for the Access Token generation? Because if I call the
https://openemr.probitycare.com/oauth2/default/token API with the following parameters,

grant_type : authorization_code,
client_id : hMEe1W-a8K-fURlAaF5YXz78kPLz6QRNzKXqy_DQ1xg
client_secret: 006FjHcnAMmthL7ceroXc40NDJ+3TqVhQOz1n0ALnxRdizkFhYST7c4U7C4PsCMqpx+LNqN+rBNXhb63xcFrKxQ+2F5AXgiCi+z0oXgl8REA3s2xNIYOdvrE4BBJwY5ok8C+0QkbQcUgFKCZdkZUi475o2AB3fWZrHyxtrvvrx8vB1cwYLktd2DxkiPns97pvXC+1ReD0PERkHbtWo2KAEZCw==
code : 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&state=f20c0bd0c67ce665ebc1bcf9b8546e06
state : ab2e5882f5feb560e98269a3b6a9dc32, then I'm getting the following error:

{
"error": "invalid_request",
"error_description": "Bad request",
"message": "Bad request"
}

Hi Rajaram,

The request parameters etc. look correct, not sure why you are getting a bad request.

The only time I could replicate the above error message was when there were no API clients registered in the OpenEMR system, which doesn't seem to be your case.

I would suggest you check the PHP logs of your instance when you make the token request API call.

Thanks,
Rajesh
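The Authorization Code Grant exchange this thread walks through (authorize URL, redirect back to the callback, token request with client_secret_post), as an added client-side example that is not from the OpenEMR project or any poster here. The host, client_id and callback URL are constructed placeholders; the token body carries redirect_uri because RFC 6749 section 4.1.3 requires it at the token endpoint whenever it was sent to /authorize.

```python
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

OPENEMR_BASE = "https://openemr.example.org"           # constructed placeholder
REDIRECT_URI = "https://client.example.org/callback"   # constructed placeholder


def new_state() -> str:
    # Fresh unguessable state per authorization request; the client stores it
    # (e.g. in the user's session) so the callback can be tied to this request.
    return secrets.token_hex(16)


def build_authorize_url(client_id: str, state: str, scopes: list) -> str:
    # Same query parameters as the /oauth2/default/authorize URL in the thread;
    # urlencode() turns the space-separated scope list into a proper query value.
    params = {
        "response_type": "code",
        "client_id": client_id,
        "state": state,
        "scope": " ".join(scopes),
        "redirect_uri": REDIRECT_URI,
    }
    return f"{OPENEMR_BASE}/oauth2/default/authorize?{urlencode(params)}"


def parse_callback(callback_url: str, expected_state: str) -> str:
    # Returns only the bare authorization code from the redirect URL.
    # Rejects a missing or mismatched state (CSRF / mix-up protection) and
    # refuses to continue if the server sent back an error instead of a code.
    qs = parse_qs(urlsplit(callback_url).query)
    if "error" in qs:
        raise ValueError(f"authorization failed: {qs['error'][0]}")
    state = qs.get("state", [None])[0]
    if state is None or not secrets.compare_digest(state, expected_state):
        raise ValueError("state mismatch: callback does not belong to our request")
    code = qs.get("code", [None])[0]
    if not code:
        raise ValueError("no authorization code in callback")
    return code  # the '&state=...' part of the callback stays out of the code


def token_request_body(client_id: str, client_secret: str, code: str) -> dict:
    # Form body to POST to /oauth2/default/token as
    # application/x-www-form-urlencoded; state is not a token-endpoint parameter.
    return {
        "grant_type": "authorization_code",
        "client_id": client_id,
        "client_secret": client_secret,
        "code": code,
        "redirect_uri": REDIRECT_URI,  # must equal the value used at /authorize
    }
```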

@Rajaram_Selvan Please tell me, from where did you get these login details?

@remorr25 Check this link: openemr/API_README.md at master · openemr/openemr · GitHub

First you have to create the client ID and client secret:

curl -X POST -k -H 'Content-Type: application/json' -i https://localhost:9300/oauth2/default/registration --data '{
"application_type": "private",
"redirect_uris": ["https://client.example.org/callback"],
"post_logout_redirect_uris": ["https://client.example.org/logout/callback"],
"client_name": "A Private App",
"token_endpoint_auth_method": "client_secret_post",
"contacts": ["me@example.org", "them@example.org"],
"scope": "openid offline_access api:oemr api:fhir api:port user/allergy.read user/allergy.write user/appointment.read user/appointment.write user/dental_issue.read user/dental_issue.write user/document.read user/document.write user/drug.read user/encounter.read user/encounter.write user/facility.read user/facility.write user/immunization.read user/insurance.read user/insurance.write user/insurance_company.read user/insurance_company.write user/insurance_type.read user/list.read user/medical_problem.read user/medical_problem.write user/medication.read user/medication.write user/message.write user/patient.read user/patient.write user/practitioner.read user/practitioner.write user/prescription.read user/procedure.read user/soap_note.read user/soap_note.write user/surgery.read user/surgery.write user/vital.read user/vital.write user/AllergyIntolerance.read user/CareTeam.read user/Condition.read user/Coverage.read user/Encounter.read user/Immunization.read user/Location.read user/Medication.read user/MedicationRequest.read user/Observation.read user/Organization.read user/Organization.write user/Patient.read user/Patient.write user/Practitioner.read user/Practitioner.write user/PractitionerRole.read user/Procedure.read patient/encounter.read patient/patient.read patient/AllergyIntolerance.read patient/CareTeam.read patient/Condition.read patient/Encounter.read patient/Immunization.read patient/MedicationRequest.read patient/Observation.read patient/Patient.read patient/Procedure.read"
}'

@Rajaram_Selvan I have generated the client ID and client secret. I need the authorization login details, so please tell me where I can get those?

Thanks

I am also facing the same issue.

Hi,
I am facing an issue while registering the client through OAuth.
I am using the latest git code (GitHub - openemr/openemr).

I am using the curl below:
curl --location --request POST 'https://localhost/openemrv2/oauth2/default/registration' \
--header 'Content-Type: application/json' \
--data-raw '{
"application_type": "private",
"redirect_uris": [
    "https://openemr.localhost/openemr"
],
"post_logout_redirect_uris": [
    "https://openemr.localhost/openemr/logout"
],
"client_name": "adminlocalusemohit",
"token_endpoint_auth_method": "client_secret_post",
"username": "adminlocalusemohit",
"scope": "openid api:oemr api:fhir api:port api:pofh user/allergy.read user/allergy.write user/appointment.read user/appointment.write user/dental_issue.read user/dental_issue.write user/document.read user/document.write user/drug.read user/encounter.read user/encounter.write user/facility.read user/facility.write user/immunization.read user/insurance.read user/insurance.write user/insurance_company.read user/insurance_company.write user/insurance_type.read user/list.read user/medical_problem.read user/medical_problem.write user/medication.read user/medication.write user/message.write user/patient.read user/patient.write user/practitioner.read user/practitioner.write user/prescription.read user/procedure.read user/soap_note.read user/soap_note.write user/surgery.read user/surgery.write user/vital.read user/vital.write user/AllergyIntolerance.read user/CareTeam.read user/Condition.read user/Encounter.read user/Immunization.read user/Location.read user/Medication.read user/MedicationRequest.read user/Observation.read user/Organization.read user/Organization.write user/Patient.read user/Patient.write user/Practitioner.read user/Practitioner.write user/PractitionerRole.read user/Procedure.read patient/encounter.read patient/patient.read patient/Encounter.read patient/Patient.read"
}'

I am getting the response:
{
"error": "server_error",
"error_description": "The authorization server encountered an unexpected condition which prevented it from fulfilling the request: Security error - problem with authorization server keys.",
"message": "The authorization server encountered an unexpected condition which prevented it from fulfilling the request: Security error - problem with authorization server keys."
}

Can someone help me register my client?
Thanks

What files are in your <openemr_installation_dir>/sites/default/documents/certificates/ folder? Is this an OpenEMR that you upgraded? Are you using the master branch or one of the release branches?

The two areas to check would be to make sure you have two files in that certificates folder: oaprivate.key and oapublic.key. If the system can't write the keys out to that folder, you'll need to change your folder permissions to allow the web service to have write access to that directory.

You also can get more detailed logs by changing your Administration -> Globals -> Logging -> System Error Logging Options to the debug setting.

Hi @adunsulag
Thanks for giving me an answer.

  1. My sites/default/documents/certificates/ folder is empty.
  2. Yes, this is an OpenEMR that I upgraded.
  3. Yes, I am using the master branch.
  4. When I enable the system error logging option, no detailed errors are shown.

Queries:

  1. Where do I generate these 2 files, oaprivate.key and oapublic.key? When I install OpenEMR, these files are not generated.

Can you help me please?
Thanks

Did you try changing the certificate folder permissions? Make sure your webserver user has write access to the folder. You should have the folder set to 755 to be able to write there.

I’m not sure why I’ve had to do this sometimes, but there are times when the key files fail to write out that I’ve had to clear the oauth2 private keys in the database. They are found in the keys table and you may need to delete the oauth2key and oauth2passphrase entries.

One thing I would mention is that I hope you are working off of master because you are doing development. If you are upgrading a production machine, it's not a great idea to work off of master as there are lots of unstable features that could mess you up. I only mention this since you said you 'upgraded' this instance.

Hi @adunsulag
Thanks for helping me out.
I am new to OpenEMR, so can you please help me out on the points below:

  1. There is no permission issue in the folder because I am using a Windows environment.
  2. When I check my keys table there is only an oauth2key entry; there is no entry related to oauth2passphrase. Can you help me with how to generate oaprivate.key and oapublic.key?
  3. One more thing: which branch should I use for development rather than master?
  4. One more thing: I have set up the project over XAMPP and am not using Docker.

@mohit

At this point your request should be a different forum post as it's different from the original thread forum post. However, for others who come along, I'll point out some of the code you can look at since you're a developer.

  1. I don't know the specifics of your issue; it still seems like a folder permission issue, which can still happen on Windows… but I'm assuming you've checked that and made sure your folder is set correctly.

  2. I’m not sure why you have only the one key entry, but I would recommend deleting the oauth2key entry and the system will start over from scratch. The keys are generated when you make any oauth2 API request.

  3. If you are trying to customize OpenEMR for yourself or another organization you should use one of the production release branches. The latest release branch is rel-600. If you want to contribute your code back to OpenEMR then master is just fine.

  4. I’m not familiar with xampp so maybe someone else can help you with this issue. However, since you’re a developer you can also look at the code yourself and see if you can identify what’s going on in your environment. The relevant sections are:

The oauth2 flow starts in the authorize.php file.

That file calls the AuthorizationController’s __construct method which is where the key generation starts.

The actual keys are generated in the configKeyPairs() method.

Hope that helps. If you find out what’s going on please share back with the community. If there’s a bug happening on windows we would like to get it fixed.

Hi @adunsulag
Thanks for helping me.
I will try the same and let you know if I face any issue.

Hi @adunsulag,
I am now able to register a client with the API.
For this I needed to change some code in src/RestControllers/AuthorizationController.php,
in the configKeyPairs function, for the private key, with the code below:
$keysConfig = [
    // Explicit openssl.cnf path: this XAMPP install on Windows needed it for
    // openssl_pkey_new() to succeed.
    "config" => "D:/Xampp-7.3.20/php/extras/openssl/openssl.cnf",
    "private_key_bits" => 2048,
    "default_md" => "sha256",
];
$keys = \openssl_pkey_new($keysConfig);

Now with this I am able to register oaprivate.key and oapublic.key in the keys table and don't need to create the files in the sites/document/certificate folder.

But can you help me with one more thing?
When I try to get a token through the API http://openemr.localhost/oauth2/default/token
it gives me the error below:
The provided authorization grant (e.g., authorization code, resource owner credentials) or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client.

You are missing a number of parameters that you need. Also you really should create a new forum thread. This thread is dealing with Authorization Code Grant and you are using the Password Grant.

Please refer to the documentation for the API Password Grant (openemr/API_README.md at master · openemr/openemr · GitHub) for the parameters you need. If you continue to have issues, please open up a new forum thread as this thread is only relevant to the Authorization Code Grant.