How to configure OpenEMR 6.x with Keycloak (or any OAuth2 server)

Help Wanted
,
22

I think the docs might be missing the Authorize section example based on what was posted here: V6 Authorization and API changes afoot

  1. You do a registration request to: https://localhost/oauth2/default/registration
  2. Next step is to authorize to: https://localhost/openemrv6/oauth2/default/authorize

The API docs says to use this url: https://localhost/oauth2/default and no example.

So I registered the admin account as an API client that worked fine.
I then proceed to authorize the client via a GET/POST to: https://localhost:443/oauth2/default/authorize using these params:

{
    "client_id": "UIy5NV9K53pYus35IbXGjVuYzQOUXIDQzmF3YocU7Zs",
    "response_type": "code",
    "client_id": "LnjqojEEjFYe5j2Jp9m9UnmuxOnMg4VodEJj3yE8_OA",
    "state": "a85b870548dd8880ddb7c3192439f468fe63396f",
    "scope": "openid api:oemr api:fhir api:port api:pofh",
    "redirect_uri": "https://localhost:443"
}

And this is the result:

<br />
<b>Notice</b>:  Key file "file:///var/www/localhost/htdocs/openemr/sites/default/documents/certificates/oaprivate.key" permissions are not correct, recommend changing to 600 or 660 instead of 700 in <b>/var/www/localhost/htdocs/openemr/vendor/league/oauth2-server/src/CryptKey.php</b> on line <b>63</b><br />
{
    "error": "unsupported_grant_type",
    "error_description": "The authorization grant type is not supported by the authorization server.",
    "hint": "Check that all required parameters have been provided",
    "message": "The authorization grant type is not supported by the authorization server."
}

Changing permissions on that file does nothing, this is where I’m stuck at the moment so I’m not sure if it’s something I’m doing wrong or missing info in the API docs.

I’ve changed response_type to every response type supported based on: https://localhost/oauth2/default/.well-known/openid-configuration and get the same error.

Using the endpoint in the API docs https://localhost:443/oauth2/default doesn’t return anything but a 200 ok with an empty body.

I’m just looking to be able to use the API with the user accounts created in OEMR like it was prior to V6 since I’m just using OEMR as the backend of my app.

Thanks.