OAuth2 authorize grant permissions every time and longer access token expiry

Can you please help me with these 2 OAuth2 problems:
I created an API client registration for my app. On the authorize call (i.e. host/oauth2/default/authorize?client_id=…&response_type=code&scope=…&state=…) I get redirected to the login (/oauth2/default/provider/login) but here I have 2 issues:

1. On the login screen, after entering user and password, I am forced to grant the app permissions every time. I want to do this only once, the first time, and then OpenEMR should remember that I granted the app permissions.

2. The access token expires after only 1 hour. I know I can refresh the token, but is there a way to make the default expiry much longer?

Thank you

  1. You need to use a refresh token to accomplish this if you are doing a standalone app. If you are doing an EHR launch app you can utilize the EHR login session to bypass the login screen as discussed in this pull request: feat: #6525 Use EHR authorization for SMART Apps by adunsulag · Pull Request #6628 · openemr/openemr · GitHub

  2. You can modify the code, but there is no configuration setting for this. This was an intentional design decision, both for security and because our USA ONC certification requires it.
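
The refresh-token approach from the answer above, as an added example that is not part of the original thread or OpenEMR's own code: a small client-side cache that keeps the 1-hour access token and exchanges the refresh token (RFC 6749 section 6) shortly before expiry, so the user is not sent back through the login and consent screens. The token URL path, the client id, and the names `TokenCache` and `http_post_form` are assumptions; it also assumes the original authorization returned a refresh token and that the app is a public client.

```python
import json
import time
import urllib.error
import urllib.parse
import urllib.request


def http_post_form(url, fields):
    """POST form-encoded fields and decode the JSON reply (hypothetical helper)."""
    body = urllib.parse.urlencode(fields).encode()
    req = urllib.request.Request(url, data=body, method="POST")
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as err:
        return json.load(err)  # OAuth errors arrive as JSON with a 4xx status


class TokenCache:
    """Holds one access/refresh token pair and renews it shortly before expiry."""

    def __init__(self, token_url, client_id, refresh_token,
                 post=http_post_form, clock=time.time, skew=60):
        self.token_url = token_url  # assumed form: <host>/oauth2/default/token
        self.client_id = client_id
        self.refresh_token = refresh_token
        self.post, self.clock, self.skew = post, clock, skew
        self.access_token, self.expires_at = None, 0.0

    def get(self):
        """Return a valid access token, calling the token endpoint only when needed."""
        if self.access_token and self.clock() < self.expires_at - self.skew:
            return self.access_token
        reply = self.post(self.token_url, {
            "grant_type": "refresh_token",
            "refresh_token": self.refresh_token,
            "client_id": self.client_id,
        })
        if "access_token" not in reply:
            # e.g. invalid_grant: the refresh token was revoked or has expired,
            # so the user must go through the authorize call again.
            raise PermissionError(reply.get("error", "refresh failed"))
        self.access_token = reply["access_token"]
        self.expires_at = self.clock() + int(reply.get("expires_in", 3600))
        # The server may rotate the refresh token; keep the newest one.
        self.refresh_token = reply.get("refresh_token", self.refresh_token)
        return self.access_token
```

Persist the current `refresh_token` in protected storage after each call to `get()`, since a rotated token replaces the one the app started with.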