Introspect URL and SMART App launch not working

Situation

We have an local instance of OpenEMR installed on Linux and are stuck with 2 issues :

1. Unable to retrieve a 200OK with Introspect endpoint

I am trying to validate the access token retrieved from the OpenEMR token endpoint using the OpenEMR introspect endpoint.

The endpoint is always giving me a 401 unauthorized response as below

image714×320 39.2 KB

I have tried different ways to use the introspect endpoint and also looked through the code to check the parameters required to be passed.

• Making a POST request to the introspect endpoint with content-type as x-www-urlencoded and a key value of “token” : access_token

• Making a POST request to the introspect endpoint with content-type = x-www-urlencoded ,a key-value pair of “token” : access_token and a authorization header with Bearer <access_token>

• Making a POST request to the introspect endpoint with nody as none and a basic authorization with username password

All of these methods do not work.

2. Unable to authorize in a Smart On FHIR app launch
   I registered a multipurpose application (to use in EHR launch) and granted few user scopes along with openId and fhirUser scope. Also, i enabled the registered app.

I used the launch and redirect URL of a basic SMART on FHIR app that i have developed and is available in GIT. The app needs to use a fhir client that takes the app client_id, redirect_uri and scope of the registered app and i made sure i have used the exact same client_id, redirect_uri and scopes from the app.

However, when i launch the application from the patient summary page, the iframe opens and always displays an “invalid client error”.

image1423×333 26.4 KB

I did try to register another app that has the launch URL and redirect URL of OpenEMR swagger (https://10.3.0.8/swagger/oauth2-redirect.html) and enabled this app as well. When i try to launch the app from the patient summary page, it successfully opens the swagger page.

image1414×492 43.4 KB

I am not sure what i am missing since the way of doing a Smart on FHIR launch is similar to other EHR and my application works perfectly fine in their environment.

Appreciate any assistance on these!

OpenEMR Version
I’m using OpenEMR version

Browser:
I’m using: Chrome, Edge

Operating System
I’m using: Linux

Logs
Did you check the logs?
Was there anything pertinent in them?
Please paste them here (surround with three backticks (```) for readability.
You can also turn on User Debugging under Administration->Globals->Logging User Debugging Options=>All

Hello Team,

I would really appreciate some assistance/suggestion on this thread. Thank you !

So you didn’t post any of your logs that would help give a clue on why your getting invalid clients or invalid scopes. Turn on the API debug logging and use your logs to try and determine why its working for you in swagger but not working otherwise.

If anything I’d guess its a problem with your redirect_uri that you are using. It must match exactly with what your app sends and with what you register in your app. If you are sending a different URL than what you’ve registered your app with it will fail.

Thanks Stephen,

I did turn on the debug logs and i still don’t see logs related to the SMART APP launch. I am checking the logs at Admin >> System >> Logs. (Is there any other way to check these logs?) Latest log i see is the query made in Patient Demographics category and an SQL query for the same.
I am using the a FHIR Client JS Library to do the SMART App authorization flow and i do use the same redirect_uri that i used while registering the app.
Also, the issue with INTROSPECT URL still exists and i was not able to fix that. Can you please help me with these two issues?

There are detailed logs in the apache / nginx php error logs. When you turn on the debug logging mode it will add additional information. These logs don’t get saved to the database.

I haven’t had a chance to look at the introspect url as I’m in the middle of a paid contract and need to get that finished.