Oauth2 authorize grant permissions every time and longer access token expire

Hello
Can you please help me with these 2 oauth2 problems:
I created an API client registration for my app. On the authorize call (i.e. host/oauth2/default/authorize?client_id=…&response_type=code&scope=…&state=…) I get redirected to the login (/oauth2/default/provider/login) but here I have 2 issues:

1. On the login screen after entering user and password I am forced to grant the app permissions every time. I want to do this only once, the first time, and then OpenEMR should remember that I granted the app with permissions.

2. The access token expires only after 1 hour. I know I can refresh the token, but is there a way to have the default expiration much bigger?

Thank you

  1. You need to use a refresh token to accomplish this if you are doing a standalone app. If you are doing an EHR launch app you can utilize the EHR login session to bypass the login screen as discussed in this pull request: feat: #6525 Use EHR authorization for SMART Apps by adunsulag · Pull Request #6628 · openemr/openemr · GitHub

  2. You can modify the code, but there is no configuration setting for this. This was an intentional design decision for both security and because our USA ONC certification requires it.
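The refresh-token approach from the answer above, sketched as an added example (not part of the original posts and not OpenEMR's own code). It assumes a public client, a token endpoint at `/oauth2/default/token` (inferred from the authorize URL in the question), and that a refresh token was issued with the first token response; `TokenStore`, `post` and the sample values are hypothetical.

```python
import time
import urllib.parse

# Assumption: token endpoint path, inferred from the /oauth2/default/authorize URL above.
TOKEN_PATH = "/oauth2/default/token"

class TokenStore:
    """Caches the token pair and runs the refresh_token grant shortly before expiry."""
    def __init__(self, host, client_id, tokens, post, now=time.time, skew=60):
        self.url = host.rstrip("/") + TOKEN_PATH
        self.client_id = client_id
        self.post = post      # hypothetical transport: post(url, form_body) -> parsed JSON dict
        self.now = now        # injectable clock so expiry can be exercised offline
        self.skew = skew      # refresh this many seconds before the stated expiry
        self.refresh_token = None
        self._store(tokens)

    def _store(self, tokens):
        self.access_token = tokens["access_token"]
        self.expires_at = self.now() + int(tokens["expires_in"])
        # The server may rotate the refresh token; keep the old one only if none is returned.
        self.refresh_token = tokens.get("refresh_token", self.refresh_token)

    def get_access_token(self):
        if self.now() < self.expires_at - self.skew:
            return self.access_token
        if not self.refresh_token:
            raise RuntimeError("no refresh token: the user must authorize again")
        reply = self.post(self.url, urllib.parse.urlencode({
            "grant_type": "refresh_token",
            "refresh_token": self.refresh_token,
            "client_id": self.client_id,
        }))
        if "error" in reply:
            self.refresh_token = None  # do not retry a rejected or revoked token
            raise RuntimeError("refresh rejected: " + reply["error"])
        self._store(reply)
        return self.access_token

def demo():  # constructed exchange: fake clock and fake server, no network access
    clock, sent = [0], []
    def fake_post(url, body):
        sent.append((url, urllib.parse.parse_qs(body)))
        return {"access_token": "at-2", "refresh_token": "rt-2", "expires_in": 3600}
    first = {"access_token": "at-1", "refresh_token": "rt-1", "expires_in": 3600}
    store = TokenStore("https://emr.example", "app-1", first, fake_post, now=lambda: clock[0])
    before = store.get_access_token()   # still valid, no request sent
    clock[0] = 3590                     # inside the 60 s skew window
    after = store.get_access_token()    # triggers exactly one refresh
    return before, after, store.refresh_token, sent
```

With this pattern the access token stays short-lived and the user is only sent back through the login and consent screens when the refresh itself is rejected.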

Hi @adunsulag,

I followed the instructions from feat: #6525 Use EHR authorization for SMART Apps by adunsulag · Pull Request #6628 · openemr/openemr · GitHub to disable the Launch Authorization Flow in the App registration page.

But our external app is still asking to log in for authorization.

And since the access token expires after only 1 hour, what file should I modify to change the 1 hour expiration?

Also, is there a way to have Medication.write? Our goal is to have the medication of a patient in the app, and the user of the app can change the medication quantity.

Thanks
Casper