OpenEMR 7.0.3 OAuth2 JWT – Getting 400 invalid_client Even After Proper Setup

Read the readme and I hope it will give you a quick start.

  • I host in the openemr/modules so suggest you unzip there.
  • There’s a bug where sometimes, when the client is changed or on first startup, after logging in to the authorization server you’ll need to do a second login. I’ll eventually fix it.
  • Make the change from my PR.
  • Run client_register.php to create all three clients. Clients are automatically enabled and replaced whenever register is run, i.e. always only three clients.
  • For your use case use the JWT client.

oe-module-api-explorer.zip (13.3 KB)

Hi Jerry,
I am getting a clearance of the solution that you have sent along with the zip file and inside the PHP code to the authorization problem we have discussed before. Me and my team will go through these steps and get our hands dirty. We will update you with the results and the queries (if we face any) sometime today or by the end of today.
Appreciate your quick and precise help, Jerry. Thanks!

Hi Jerry,
I’m Sayan from MedSync.
Just to update you on what we did so far:
We unzipped oe-module-api-explorer.zip inside openemr/modules as you suggested.

Made the changes described in the README.md.

Ran client_register.php?regen=1 to register the clients.

Here’s what we got after running the registration:

Starting client registrations…
→ [confidential] Deleting any existing client named “OpenEMR Confidential Auth‑Code Client”
→ [confidential] Registering client…
✓ [confidential] Saved credentials to “/var/www/html/openemr/modules/oe-module-api-explorer/client_confidential.json”

→ [public] Deleting any existing client named “OpenEMR Public PKCE Auth‑Code Client”
→ [public] Registering client…
✓ [public] Saved credentials to “/var/www/html/openemr/modules/oe-module-api-explorer/client_public.json”

🎉 All done!

I’m attaching screenshots for reference. For now, we’ve completed these steps, and we’ll continue with the next steps tomorrow.

Thanks for your guidance so far.



Where is JWT client, did you disable?

When you run the explorer app it will auto populate available resource endpoints based on your registered scopes for the selected API type FHIR or standard. So no scope, no endpoint.

Thanks for getting back.
We didn’t disable the JWT client intentionally.
When Sriyam first ran client_register.php?regen=1, he was getting this error for all three clients:

To work around this, I modified client_register.php to disable SSL verification (CURLOPT_SSL_VERIFYPEER => false) and also commented out references to columns not present in my OpenEMR 7.0.2 database (like redirect_uris, jwks_uri, and is_enabled) to avoid SQL errors.

After that, I re-ran the script, and it successfully registered only the Confidential and Public clients. That’s why the JWT client isn’t showing yet.

If you think it’s safe, I can re-enable those parts and try registering the JWT client again.

Also, I understand that the explorer auto-populates the resource endpoints based on the registered scopes. For now, I just wanted to confirm the registrations before moving ahead with testing the API calls.

Thanks for your help

Remove changes you made and run from explorer. I thought you had SSL now. It will not work w/o SSL cert. OpenEMR will fail on keys file fetch. I may do a workaround to disable keys file and I already populate keys in client. Remember that the JWT client routine will create all the pems automatically, i.e. should never have to go to command line to test APIs. At least that’s what I’m going for…

Thanks Jerry, got it. We’ll revisit this tomorrow and proceed as advised.

1 Like

These have been in the table since the 5.0.2-6.0.0 upgrade, so you need to fix this by running the upgrade.

1 Like

Okay so here is my latest version of Explorer v1.

  • Everything except config edit can be done from App.
  • Read me help available in App.
  • Client Credentials JWT can now bypass need for JWKS file thus will work on non SSL certificate sites.

Help or README in directory will explain what’s new to you.

oe-module-api-explorer-v1.zip (15.2 KB)

1 Like

This is Sriyam. I clearly understand and really have no words to express for the help and the guidance you are giving us, sir. Really appreciate it. Me and my team will work with your latest version of Explorer v1 and I hope we will not face the same troubles we were facing yesterday. We will update the results and conclusions by sometime today or by the end of this day. Thanks a ton Jerry.

Hi Jerry, this is Sriyam. We are facing the same issue we were facing yesterday. We need help and insight from you.

Although we are getting this…

But it’s not working for the client register php being unsuccessful.

ChatGPT is also saying this, that we need a valid domain to make this work which we can create free from a site like duckdns.org. I think it’s a valid point hence mentioning it to you. We need your call, Jerry.

I just turned off my certificate and tested with both http/https requests and works okay from localhost.
I don’t know what’s going on with your setup but you have everything you need from me for this to work.
Have you set up config.php because I modified it so ensure you have correct pathing and use_keys_file = false, default.
Try command line.
I recommend upgrading to 7.0.3
Otherwise I need to return to my projects and you should be able to figure this out from here.
good luck

Ok, we are looking into it and updating you further. Thanks for your insight. :+1:

Hi Jerry,
we have almost made it…


We deployed OpenEMR freshly from Google Cloud of version 7.0.3…
only getting one 400 type error, what can be the issue?
We are working on it…your help and insight might speed up our work…

I have fixed this issue in my PR. I added auth type private_key_jwt and fixed system client always saving authorization_code.
You can patch your code from the first commit in PR. This will be in next patch.
You can also temporarily test the client by editing the JWT client’s grant_type column to client_credentials in table oauth_clients.

1 Like
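An added example, not code from this thread or from OpenEMR: a client-side pre-flight check of a private_key_jwt client_credentials token request, following the RFC 7523 claim rules, to rule out request-side causes of a 400 invalid_client before turning to the registration-side grant_type issue described above. The token URL, client id, `alg` value and all function names are constructed for illustration, and the signature is not verified.

```python
import base64, json, time
from urllib.parse import parse_qs, urlencode

ASSERTION_TYPE = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"
TOKEN_URL = "https://emr.example.test/oauth2/default/token"  # constructed placeholder

def _decode(segment):
    """Decode one base64url JWT segment (padding restored) into a dict."""
    obj = json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))
    if not isinstance(obj, dict):
        raise ValueError("segment is not a JSON object")
    return obj

def preflight(form_body, token_url, now=None):
    """List the problems in a token request body; structure and claims only."""
    now = time.time() if now is None else now
    form = {k: v[0] for k, v in parse_qs(form_body).items()}
    problems = []
    if form.get("grant_type") != "client_credentials":
        problems.append("grant_type must be client_credentials")
    if form.get("client_assertion_type") != ASSERTION_TYPE:
        problems.append("client_assertion_type is not jwt-bearer")
    parts = form.get("client_assertion", "").split(".")
    if len(parts) != 3:
        return problems + ["client_assertion is not a three-part JWS"]
    try:
        header, claims = _decode(parts[0]), _decode(parts[1])
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return problems + ["client_assertion segments are not base64url JSON"]
    alg = str(header.get("alg", "none"))
    if alg.lower() == "none" or alg.startswith("HS"):
        problems.append(f"alg {alg} is not an asymmetric signature")
    if not claims.get("iss") or claims.get("iss") != claims.get("sub"):
        problems.append("iss and sub must both be the client_id")
    aud = claims.get("aud")
    if token_url not in (aud if isinstance(aud, list) else [aud]):
        problems.append("aud does not name the token endpoint")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        problems.append("exp missing or already expired")
    if not claims.get("jti"):
        problems.append("jti missing (needed for replay protection)")
    return problems

def sample_body(claims, grant="client_credentials"):
    """Constructed request body with a dummy signature, for offline use."""
    seg = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).decode().rstrip("=")
    jwt = ".".join([seg({"alg": "RS384"}), seg(claims), "c2ln"])
    return urlencode({"grant_type": grant, "client_assertion_type": ASSERTION_TYPE, "client_assertion": jwt})
```

An empty list means the request is well-formed on the client side, so a remaining invalid_client points at how the client is registered on the server.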

Thanks a ton Jerry, will be informing once successful…

Sorry Jerry, but we are not able to understand the fix. Can you be more clear and exact, especially about the particular changes in the PHP code and in which files? Sorry once again. :pensive: :pray:

Actually we don’t use GitHub much and especially the patching of code part is kind of new to us and hence facing this problem.

I’m sure it’s late for you but I will create a patch for you to install later today, maybe 2 hours. Will post it here.

1 Like

Thanks a lot, Jerry! Truly appreciate you taking the time to work on the patch. No worries about the timing, me and my team will keep an eye out and get it installed as soon as it’s ready. Looking forward to it tomorrow! :slight_smile: :+1:

These changes will be in patch 5 so no worries there.
Unzip in openemr root same as production patch.
Good luck.

api_register_fix.zip (16.8 KB)

1 Like