V6 Authorization and API changes afoot

What is your app based off of? Does it have any sort of proxy you can use to connect to your AWS instance? You might need to make some changes to your httpd.conf and set up proxying for your app. If you are using Create React App there are a few ways to do this, but look into whatever framework you are using as it might be different.

Since I’m testing for now I used a simple local .net 5 (core) app to consume the api. This app can run from anywhere, it is local now but it will live in its own space eventually.
My main concern is to make a simple curl or Postman request work as I’m trying to reach a point where I can demo how to interact with OpenEMR using APIs.

So how are you accessing your EC2 instance? Like I go to your ec2 URL: ec2-18-212-180-77.compute-1.amazonaws.com/oauth2/default/client/GkT5iv1cOmuCmmhn2vmFgw and nothing resolves so you need to fix that first before we can further help.

It’s IP sourced so only my IP has access. (For now since I’m testing).
I can open it up if that helps.

Nah, that’s fine as long as you are certain you can connect to it. Also make sure you use https as your API endpoint.

At this point I would just try to get it working with postman and once that works move on to your app because you will most certainly run into CORS issues.

@benmarte @sjpadgett would you have an example of a Postman query (to retrieve an auth token) by any chance?
I was looking at the document that @benmarte put together here (https://benmarte.com/blog/openemr-api-v6/#void) since my setup will be very similar. My client app will not have any DB and therefore using grant_type:password makes sense for me.
I’m just trying to get one good example of either a curl or Postman request to retrieve a token using grant_type:password on v6.0
Once I see it working once I’m sure I can understand what I’m missing or doing wrong.

Thank you again guys !!

@benmarte looking at your document it seems like you are using some authentication in your Postman request to get a token. Could you share a screenshot maybe?

Have you checked your error logs in the openemr docker container? That would be your first step to start debugging. I’m almost certain you are having CORS issues if you are testing directly from an EC2 instance.

Have you tried registering using the smartapp endpoint scopes? That’s what I ended up doing anyway, instead of using all the scopes outlined in the readme. I believe there was a scope that was causing an issue that’s included in the API example, but I’m certain I removed it in my example.

Also enable error logging in administration > globals > logging and set system error logging to debug error logging; that might help get an error that might help figure out what’s going on.

Remember, just because you are ssh’d in to your EC2 instance via terminal does not mean your whole computer has access to your instance; the only thing that has access to it is your ssh terminal. Just making sure you are aware of this.

Everything else I did I documented exactly as I did it. Like I said, I’m certain you are running into a CORS issue.

Hi @jerry/@sjpadgett,

I was exploring the FHIR Api support in OpenEMR version v6.1.0-dev hosted at https://eleven.openemr.io

Following your instructions for v6 OAuth authorization, I was able to call the Token Api to get the access token for scope of “openid” and “api:fhir”. The response is as below.
{
“id_token”: “eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJhdWQiOiJuT2hXcXdlRlZjWGh0ejJBaXBSTDNBVWNRNURSOWg1YmxNWWFmb2VCYk9vIiwiaXNzIjoiaHR0cHM6XC9cL2VsZXZlbi5vcGVuZW1yLmlvXC9vcGVuZW1yXC9vYXV0aDJcL2RlZmF1bHQiLCJpYXQiOjE2MTUyNzQ3MDIsImV4cCI6MTYxNTI3ODMwMiwic3ViIjoiOTJlNzczNWItZDI5Mi00NzQ5LTgyYTctODVjNjI4NmE0NGFiIiwiYXBpOmZoaXIiOnRydWV9.1w_U6Idtx26xiniTSIH7KoUOpOy4boF50mjAPnfDCjW0PH3tz_fZXxw3AIOSvn-o4zRsMFufBvBAZ9S_f7KBOoMmwwRYl7ckB1l5VK65wTCBUzDZpsg79uPneKeuAtSLC_BOzTni4xN8GSKn_qVo6AcOGfwG_Gmac8gXv8ag5HUWD_hscQMi9KbgFC17NWUWoCmfM_-vb6NJEGjOZEtsrPQllOKgA7cXC_CkjWDVVj5I-JT93jmhRtb6kDq30fCTm_doLFyL2MZQqOAPQCYZbxD7_Uxe8nVBTIOUAFd0kgWAVC_sn90A15q3SHGjkipRKXqLtsOECMMTEHciQSEP_w”,
“scope”: “openid”,
“token_type”: “Bearer”,
“expires_in”: 3600,
“access_token”: “eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJhdWQiOiJuT2hXcXdlRlZjWGh0ejJBaXBSTDNBVWNRNURSOWg1YmxNWWFmb2VCYk9vIiwianRpIjoiOTFlYjE1M2I5YThmMmY5ODcxMzgwMGJjMDgzMmVlMmFkOGE5ZGYxNDQyMTM1NDM3OTgzYTA5NzVkNTI5NzRkNDAzMWQ3YjBmYjNjN2RhZWMiLCJpYXQiOjE2MTUyNzQ3MDIsIm5iZiI6MTYxNTI3NDcwMiwiZXhwIjoxNjE1Mjc4MzAyLCJzdWIiOiI5MmU3NzM1Yi1kMjkyLTQ3NDktODJhNy04NWM2Mjg2YTQ0YWIiLCJzY29wZXMiOlsib3BlbmlkIiwiYXBpOmZoaXIiLCJzaXRlOmRlZmF1bHQiXX0.m4DW02iPFMVokR8Qm1CpYziAj2H1qod94jcfS7oxxgYQlze5un45aATpc31HeagpyyxqOORlqQ93Cce-W_USfSpatswyOCzRUULWFCuZhKc9bGkGs5qaziHLUrrTcbUbhUd6w8pJZqdR-9sVHrc_EOpka5g17Tnjp94LFpLAVu7w58AQN5aCwBIjk0CcS_AOThq9VCPbL7KmPmWgE4blGgCkEMYs2K_j9ip53SYwXdyoJ_NLvCSFd0nNcL-wt8dtsUYv15GjJhLZUvm3W35sezV62HhuWx0RdWdme_tOvtXSaj3Jp8fTALJ2uM4h7UOvxCWY-Xkzw_csDzEESTd9FQ”
}

I then tried to post a patient using the FHIR Api endpoint as in your example first by using the access_token value as authorization bearer token but the response is 401 unauthorized.
I don’t see any related error log entries for this action except for this line which I think is logged when trying to get code while logging.

[09-Mar-2021 07:43:34 UTC] PHP Warning: Undefined array key “nonce” in /var/www/localhost/htdocs/openemr/src/RestControllers/AuthorizationController.php on line 584

Then I tried the id_token value as authorization bearer token and in this case the response is a 500 internal server error.

The error log file has the following entries in this case
[09-Mar-2021 07:47:19 UTC] PHP Warning: foreach() argument must be of type array|object, null given in /var/www/localhost/htdocs/openemr/apis/dispatch.php on line 75
[09-Mar-2021 07:47:19 UTC] PHP Fatal error: Uncaught TypeError: OpenEMR\Common\Http\HttpRestRequest::setAccessTokenScopes(): Argument #1 ($scopes) must be of type array, null given, called in /var/www/localhost/htdocs/openemr/apis/dispatch.php on line 83 and defined in /var/www/localhost/htdocs/openemr/src/Common/Http/HttpRestRequest.php:257
Stack trace:
#0 /var/www/localhost/htdocs/openemr/apis/dispatch.php(83): OpenEMR\Common\Http\HttpRestRequest->setAccessTokenScopes(NULL)
#1 {main}
thrown in /var/www/localhost/htdocs/openemr/src/Common/Http/HttpRestRequest.php on line 257

Please let me know what is missing or wrong and what should be changed so as to be able to get the FHIR Api call to work.

Thanks
Rajesh

Hi @jerry/@brady.miller

In continuation with exploring FHIR Api support and the issue mentioned in the previous post, I again tried OAuth2 authorization and FHIR Api access on the demo server at https://demo.openemr.io.

Here again I was able to get the Authorization_Code as below; the only thing noticeable was the scope value of “openid” even though the registration was for a scope of “openid api:fhir api:oemr”

Token Response:
{
“id_token”: “eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJhdWQiOiI4Rndobl9rWDdxWkZzNHR0WC1GUXVCMEptd3dkUG1vZTNkbmlianhnODFJIiwiaXNzIjoiaHR0cHM6XC9cL2RlbW8ub3BlbmVtci5pb1wvb3BlbmVtclwvb2F1dGgyXC9kZWZhdWx0IiwiaWF0IjoxNjE1Mzc0MDA4LCJleHAiOjE2MTUzNzc2MDgsInN1YiI6IjkyZWE5ZGRiLTVkZjYtNDJjMC04ZWZhLTJjYTc5ZjU2NDVlNSIsImFwaTpmaGlyIjp0cnVlLCJhcGk6b2VtciI6dHJ1ZX0.XL8BT441HCDvB32VA7quA2VY2MfcvyxsSHMGIdzcPJFNSNQpY5udoPo8doVPU6KHRLxBq6qsVaH0T5P-7sKsKijGibz2EuzSrjJFAVfoLjuiyTITsrj7NOJJb_Jp5KImWCdEZeno_G58UXk8BpnF3L-KfSn7rOeXiOibE2z9Ge3TRR5npy0N3DP4tmePeIMZ8O7es7SJsqf1F6HLGg5bwEbPbFSQK5suUPXqFx-nBgngU0uWopAqzZiXx1Rz3eXDdksvdavkRj8fOoT23ex3AWzpf2aMIuLYDiYcQhiW4BAXbESiJOmEN3txYWdb415HsnJ35Otezwrz7DWZjo6NfQ”,
“scope”: “openid”,
“token_type”: “Bearer”,
“expires_in”: 3600,
“access_token”: “eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJhdWQiOiI4Rndobl9rWDdxWkZzNHR0WC1GUXVCMEptd3dkUG1vZTNkbmlianhnODFJIiwianRpIjoiNDg4NzVmZDQwYWI1MWQ1OThjMzkyMDBkN2UxZWY2ZDczMWIyY2EwN2FiMjg5ZmE4NzExYjUzMTIwMWRkNjlkYzIzZjBhNWQxZGNkYzVjYzciLCJpYXQiOjE2MTUzNzQwMDgsIm5iZiI6MTYxNTM3NDAwOCwiZXhwIjoxNjE1Mzc3NjA4LCJzdWIiOiI5MmVhOWRkYi01ZGY2LTQyYzAtOGVmYS0yY2E3OWY1NjQ1ZTUiLCJzY29wZXMiOlsib3BlbmlkIiwiYXBpOmZoaXIiLCJhcGk6b2VtciIsInNpdGU6ZGVmYXVsdCJdfQ.VHTovxvh2K–4LhOsdC6dM0UuOyr_7bIuWChczN5VZJgIRYyD1x-5dJ5gct-mX8n64gagOHUCvjD5q0gXm9hB2ZFmc7JAuc2i2OaKlCJncExrp43v-mYXORtUSl30e5S3nFGCy6hADe7uv20Vb2VLSR5SA8qsDuBWQVkIWYuFVdSjIOws57gnQE1MIAkUzOBD92Zud-ioG78o_1gvT4wh4F2b_Kw1BEco2bh25Zw7OOlvyLys7dC8woCjL2U0w-ezcCfmceRWv9B6Z3-gDZ8OGCui9MwYT738FkYbDry109YNCiVBUar3mbCsWApNAYnLciL7NQLizq8BcS6-bCQSA”,
“refresh_token”: “…”
}

Next I tried to make the FHIR patient API call, passing the bearer token as authorization header, but got the 401 unauthorized error.

On checking the php log on the server at https://one.openemr.io/log/logPhp.txt it shows the following entry for each FHIR patient request I made.

[10-Mar-2021 11:22:01 UTC] PHP Fatal error: Uncaught LogicException: Key path “file:///var/www/localhost/htdocs/a/openemr/sites/default/documents/certificates/oapublic.key” does not exist or is not readable in /var/www/localhost/htdocs/a/openemr/vendor/league/oauth2-server/src/CryptKey.php:52
Stack trace:
#0 /var/www/localhost/htdocs/a/openemr/vendor/league/oauth2-server/src/ResourceServer.php(50): League\OAuth2\Server\CryptKey->__construct(‘file:///var/www…’)
#1 /var/www/localhost/htdocs/a/openemr/_rest_config.php(201): League\OAuth2\Server\ResourceServer->__construct(Object(OpenEMR\Common\Auth\OpenIDConnect\Repositories\AccessTokenRepository), ‘/var/www/localh…’)
#2 /var/www/localhost/htdocs/a/openemr/apis/dispatch.php(59): RestConfig::verifyAccessToken()
#3 {main}
thrown in /var/www/localhost/htdocs/a/openemr/vendor/league/oauth2-server/src/CryptKey.php on line 52

From the error it seems the public key certificate file is not accessible for some reason.

Please check the issue and fix.

Thanks,
Rajesh Maurya

Hi @jerry/@sjpadgett/@brady.miller,

I repeated my FHIR Api test at the instance https://demo.openemr.io.

Now when I call the FHIR patient Api (https://demo.openemr.io/openemr/apis/default/api/patient) I still get the 401 unauthorized error, but the error logged in the log file is different now.

Below is the extract of the error from the log file.

[15-Mar-2021 06:43:26 UTC] OpenEMR Error - api site error, so forced exit
[15-Mar-2021 06:46:27 UTC] OpenEMR Error - api site error, so forced exit
[15-Mar-2021 06:49:28 UTC] OpenEMR Error - api site error, so forced exit

I am also posting below the steps and related details I performed to get the access token.

1) Register
url: https://demo.openemr.io/openemr/oauth2/default/registration
post data:
{
“application_type”: “private”,
“redirect_uris”:[“https://client.example.org/callback”],
“post_logout_redirect_uris”: [“https://client.example.org/logout/callback”],
“client_name”: “FHIR Client”,
“token_endpoint_auth_method”: “client_secret_post”,
“contacts”: [“rmaurya@switchlane.com”],
“scope”: “api:fhir api:oemr openid”
}
Response:
{
“client_id”: “6Za3GjlERIyw5GM-ZXL6WjSqMUwITUdJ9ra_5br4R8g”,
“client_secret”: “Pv0GmUifie7vr5QqgJ-T7cEkiPKXblRSzQASmd7dPTR887fgjQ9jx_dP_tmO9qu8dfQgpl1Zi3OzefTyqFq-hA”,
“registration_access_token”: “IndIDVyC1xY77i_ypxQaTOqBKpXfBDiIRcEKV4w9FQ8”,
“registration_client_uri”: “https://demo.openemr.io/openemr/oauth2/default/client/VnS0mFWrRZOI830IURy3Gw”,
“client_id_issued_at”: 1615790537,
“client_secret_expires_at”: 0,
“client_role”: “user”,
“contacts”: [“rmaurya@switchlane.com”],
“application_type”: “private”,
“client_name”: “FHIR Client”,
“redirect_uris”: [“https://client.example.org/callback”],
“post_logout_redirect_uris”: [“https://client.example.org/logout/callback”],
“token_endpoint_auth_method”: “client_secret_post”,
“scope”: “api:fhir api:oemr openid”
}

2) Enable the API client

3) Authorize to get access code
url: https://demo.openemr.io/openemr/oauth2/default/authorize?response_type=code&client_id=6Za3GjlERIyw5GM-ZXL6WjSqMUwITUdJ9ra_5br4R8g&state=a95b970548dd8880ddb7c3192439f468fe63396f&scope=openid api:fhir api:oemr

scope confirmation:

Code Response:
https://client.example.org/callback?code=def5020044c5582138c51239881bc1f8695be369492672dfa2810a39af5a713fef9ed11b986d18879ec3a819b78a8772a3a6e92f62dd4fcd121b4c106774583bbcec8a5384d452f019bd68b9be07a59c3947ce558f9d2e9afed2f875408d1e469e1679c9d02f98756d3e44424a7817041d553be3b520135718e6f825a565a03d274e7ee19461197eeb04039cbeafb6d987aff16aee07fd5778a1565dc004d1ffbb3dcfb49722e832e67ea37298aa9a90e5894a0ad5461945aa7b4aaba7c78bd154786ef25544a01fa58cf01ee63d8b147550ab9dd7c59676e5677e76bb655936e5a18ebe10bc99abc5f90ed91921c995c89b6002929f63f350bb35344ffe821e306fa182d1a9e8529ef8c850a2513a31d150d720cd8892a73a015e5e391b4bde4c9d2027a1c229d4855e235ec0515aa8389604aaa4789c5543a4adb86ede5f797aa6656ab650589fd790fb7b82be11ba4a992a6f021abf509981be8f7f5d6277638a9801228f22c80ae4b6c44ca3dbed5bcf210c73d2a8251a549b0741f5efbd381adcc321307dbd17e774b905c747033583a0a70eef7039fefdee68fbb7e9e5202d2c9f54d7ea6f1e2fac4f&state=a95b970548dd8880ddb7c3192439f468fe63396f

4) Get Token
url: https://demo.openemr.io/openemr/oauth2/default/token
Post detail:

Response:
{
“id_token”: “eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJhdWQiOiI2WmEzR2psRVJJeXc1R00tWlhMNldqU3FNVXdJVFVkSjlyYV81YnI0UjhnIiwiaXNzIjoiaHR0cHM6XC9cL2RlbW8ub3BlbmVtci5pb1wvb3BlbmVtclwvb2F1dGgyXC9kZWZhdWx0IiwiaWF0IjoxNjE1NzkyNTE3LCJleHAiOjE2MTU3OTYxMTcsInN1YiI6IjkyZjJhOWM1LTJmNDctNDVhZC1iMTU0LTg0ODhlNmU1MjMxMyIsImFwaTpmaGlyIjp0cnVlLCJhcGk6b2VtciI6dHJ1ZX0.BQOb3FWyTnYbzQ533jxLZf1B2E0LU4rOYJwA-FOMSrovExTXS1qvMNPiC8nivcJ7vatKKt2WIYjAm3YpNvaKbczkINoCvaIN20C0kKypKabhbtCgJkODjBqbx2TLehIp3wSLV_2jzaTT4qtLYl9wMoTDKso6AD9d99YuBopzFp6OaQcBvGdMOrMYZEfouWJZoFO9LG7vY2KylYJbAXFQu1TFSu1PNDnGsy8DhvYVP1XV5ziLvKzGDbqJI71lvPEdGa3dONc_8Rv1C0xORZT39oiafd61Cw2ai8rl4U6v_EkRhFNletwLfjSvnkdD-TCKqCxysHY5K4AQLkE2IOg_cA”,
“scope”: “openid”,
“token_type”: “Bearer”,
“expires_in”: 3600,
“access_token”: “eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJhdWQiOiI2WmEzR2psRVJJeXc1R00tWlhMNldqU3FNVXdJVFVkSjlyYV81YnI0UjhnIiwianRpIjoiMDdjMWFlMTkxZWRhMmNmNzVhMTkyYmI1ODViZTYxZGQwZWIxMWM4YzU1ZWI3ZGUwM2U2ZGM1MDY2YjQ5NmM4MTM4YmJjOGUzOThiMjNkZjYiLCJpYXQiOjE2MTU3OTI1MTcsIm5iZiI6MTYxNTc5MjUxNywiZXhwIjoxNjE1Nzk2MTE3LCJzdWIiOiI5MmYyYTljNS0yZjQ3LTQ1YWQtYjE1NC04NDg4ZTZlNTIzMTMiLCJzY29wZXMiOlsib3BlbmlkIiwiYXBpOmZoaXIiLCJhcGk6b2VtciIsInNpdGU6ZGVmYXVsdCJdfQ.EmhOBYtcSvIiGvITn5y0bu0Ovd6XYkSb5Su11Y5dJjK2OkODfnFlssMHs3rVkPgrVWjgRktMDil5SE96xbCr16P8KN4ER38y7pcxp0wz1CXOFmJdE_e4fs3WtzE89tbgoiP_Eo0aMn-8osolANXM3sx3q-F30pQZkRnZwkj5bRoxv9JtTArYFD6ZPO60bkj_PMGS3nfNk-DewI0ST_P-9xOOi2IV2hUijTsmxDlEQahadhFdcqgmz4qgVQtP-cWVKH2x3a39icTCJyrYoUnmfSKcSLMYLepeipzkdt5XiDZsDmzPP-1LGlRGw6uqnKOmcxbD2qYrJ0Ub7RAuGijRvg”,
“refresh_token”: “…”
}

  1. FHIR Patient API access - with “access_token” as bearer token
    Url: https://demo.openemr.io/openemr/apis/default/fhir/Patient
    Response: 401 unauthorized

  2. API patient access - with “access_token” as bearer token
    Url: https://demo.openemr.io/openemr/apis/default/api/patient
    Response: 401 unauthorized

Please let me know how we can access the FHIR Api using the Oauth2 access token.

Thanks,

Rajesh Maurya

hi @RajM ,

Your fhir request will require the user/Patient.read scope
Your api request will require the user/patient.read scope

Scopes are listed here for 6.0.0:
openemr/API_README.md at rel-600 · openemr/openemr · GitHub

1 Like

Also ensure you have the api:oemr scope for the api call and the api:fhir scope for the fhir call.

Hi Brady(@brady.miller),

Thank you for your help.

I was able to access the FHIR Api patient endpoint following your suggestions.

Below are the details for reference for others.

1) Registration
Post Data
{
“application_type”: “private”,
“redirect_uris”:[“https://client.example.org/callback”],
“post_logout_redirect_uris”: [“https://client.example.org/logout/callback”],
“client_name”: “FHIR Client”,
“token_endpoint_auth_method”: “client_secret_post”,
“contacts”: [“rmaurya@switchlane.com”],
“scope”: “api:fhir api:oemr openid user/Patient.read user/patient.read”
}

  1. Authorize
    url: https://demo.openemr.io/openemr/oauth2/default/authorize?response_type=code&client_id=O7fslbQ2Fg3x6Y7u3yyrnLxteaYFdRVjJWjmwYw3cP4&state=a95b970548dd8880ddb7c3192439f468fe63396f&scope=openid api:fhir api:oemr user/Patient.read user/patient.read

With these changes, now when I get the token the response has the additional scopes added.
e.g.
{
“id_token”: “eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJhdWQiOiJPN2ZzbGJRMkZnM3g2WTd1M3l5cm5MeHRlYVlGZFJWakpXam13WXczY1A0IiwiaXNzIjoiaHR0cHM6XC9cL2RlbW8ub3BlbmVtci5pb1wvb3BlbmVtclwvb2F1dGgyXC9kZWZhdWx0IiwiaWF0IjoxNjE1ODAxMDUyLCJleHAiOjE2MTU4MDQ2NTEsInN1YiI6IjkyZjRhY2MwLTk3Y2UtNDE1Ni05YWM2LTQ2YTg5ZTA0YmQyOSIsImFwaTpmaGlyIjp0cnVlLCJhcGk6b2VtciI6dHJ1ZX0.O35CQ86R-K2lhOczWBIXQB77qXs8WvNuI8p5-KMXs5-wErNm6RDuL_BdA1V7VfupHxo9EeS4p2uEpc0c4lcEfudpb_hV3u7iLH8jsU3UE52J5On-zC3XQ8GNMX22DAQmWbnvKDNPNc6-EOihjiIGkBwTBhEYBCHWCuCkyuz-p3SHChsvC5OWLVYfAnV-oOG8B4YDPl3DxOe09_K5eL11rUtFuaeQWPWParA643MtkHrAVo7cSZnGDpW7qnZp1iipayh4nVpGXSVbEc_i7KFZqOLalXB6nzAxmNEqE25HRb8q2oAiZs_2XXpKIPSvyTODdP1AXn3ZuxBhdL9IPO62Zw”,
“scope”: “openid user/Patient.read”,
“token_type”: “Bearer”,
“expires_in”: 3600,
“access_token”: “eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJhdWQiOiJPN2ZzbGJRMkZnM3g2WTd1M3l5cm5MeHRlYVlGZFJWakpXam13WXczY1A0IiwianRpIjoiOWQ0NTc5MTAwNmYyZjk4OGI1YjhhNDgxZTg3ZmYyYjAzNDU5NmJiM2IzZTQwZDBkMjYwNDY5MzZlOTJjNDYwMGZiOTBmYWI4MGNjZDg4OTUiLCJpYXQiOjE2MTU4MDEwNTEsIm5iZiI6MTYxNTgwMTA1MSwiZXhwIjoxNjE1ODA0NjUxLCJzdWIiOiI5MmY0YWNjMC05N2NlLTQxNTYtOWFjNi00NmE4OWUwNGJkMjkiLCJzY29wZXMiOlsib3BlbmlkIiwiYXBpOmZoaXIiLCJhcGk6b2VtciIsInVzZXJcL1BhdGllbnQucmVhZCIsInBhdGllbnRcL1BhdGllbnQucmVhZCIsInNpdGU6ZGVmYXVsdCJdfQ.XuJsvU7533VjzKGhfnMQcVQ7fIYxqGkXAdjS3JLCEYKQLOr9j4_aD8t3558HhT32pLAcq4TXa8bZZcPVO-CH6922aVoVmy4hJZAugxcOWc5vlVxL7n95U7X-bIAg8KeVz9z3guZCFmUQbtA90sVu4rtbsyii7jGsCfXBxdgJEGBFBVoQjhQskRg0xZPnLndQy5Xo3Qsi-WSR_1JOhl5UDB0bgF7JAr1eHJO3lKA_xc5cH50_oOH9o00L1pb05r5O4WvPWsK9Kq3-KWXGJybu1XJRRbf5YmcfIbVT3RArmyoVEbEg_5Ww18KrSRzZCXnl_dIm540dyQ3EIjU3DuCA0Q”,
“refresh_token”: “…”
}

Thanks,
Rajesh

1 Like
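Added example (not part of any post in this thread, and not OpenEMR code): a client-side check of which scopes an access token actually carries before calling an endpoint, using the scope requirements given in the replies above. It assumes the access token is a JWT whose payload has a `scopes` array; the helper names and the sample tokens are constructed for illustration, and the payload is decoded without signature verification, so this is for debugging a 401 only.

```python
import base64
import json

# Requirements as stated in the replies above: the api:* scope selects the
# API family, the user/* scope grants the resource itself.
REQUIRED = {
    "/fhir/Patient": {"api:fhir", "user/Patient.read"},
    "/api/patient": {"api:oemr", "user/patient.read"},
}


def _b64url_decode(segment):
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def token_scopes(access_token):
    """Return the scopes claim of a JWT access token WITHOUT verifying it.

    Debugging aid only: the server stays the authority on what is granted.
    Assumes the claim is named "scopes" (hypothetical for other servers).
    """
    parts = access_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    try:
        claims = json.loads(_b64url_decode(parts[1]))
    except ValueError as exc:  # covers bad base64, bad UTF-8 and bad JSON
        raise ValueError("JWT payload is not base64url-encoded JSON") from exc
    if not isinstance(claims, dict):
        raise ValueError("JWT payload is not a JSON object")
    scopes = claims.get("scopes", [])
    if isinstance(scopes, str):  # tolerate a space-separated string
        scopes = scopes.split()
    return set(scopes)


def missing_scopes(access_token, endpoint):
    """Scopes the endpoint needs that the token does not carry (sorted)."""
    return sorted(REQUIRED[endpoint] - token_scopes(access_token))


def make_sample_token(scopes):
    """Build an unsigned, constructed token so the example runs offline."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    header = {"typ": "JWT", "alg": "RS256"}
    return ".".join([enc(header), enc({"scopes": scopes}), "constructed-signature"])


if __name__ == "__main__":
    # Constructed tokens mirroring the two situations in the thread.
    before = make_sample_token(["openid", "api:fhir", "api:oemr", "site:default"])
    after = make_sample_token(["openid", "api:fhir", "api:oemr",
                               "user/Patient.read", "user/patient.read",
                               "site:default"])
    for name, tok in (("before", before), ("after", after)):
        for endpoint in REQUIRED:
            print(name, endpoint, "missing:", missing_scopes(tok, endpoint))
```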

Hi

1.) Can anyone help me in accessing the FHIR API to generate a token? The API http://openemr.localhost/oauth2/default/token always sends me this response:

{“error”:“invalid_grant”,“error_description”:“The provided authorization grant (e.g., authorization code, resource owner credentials) or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client.”,“hint”:“Failed Authentication”,“message”:“The provided authorization grant (e.g., authorization code, resource owner credentials) or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client.”}

Can anyone suggest me what should I left in API request.
My Postman screenshots are given below

I am running my project on XAMPP on a Windows system.

2.) Also that API http://openemr.localhost/oauth2/default/authorize?response_type=code&client_id=Mp7w3PncFLZQxYVUArkr8tNAs7G_r562QvksY5XiJpM&state=a85b870548dd8880ddb7c3192439f468fe63396f&scope=openid offline_access api:oemr api:fhir api:port user/allergy.read user/allergy.write user/appointment.read user/appointment.write user/dental_issue.read user/dental_issue.write user/document.read user/document.write user/drug.read user/encounter.read user/encounter.write user/facility.read user/facility.write user/immunization.read user/insurance.read user/insurance.write user/insurance_company.read user/insurance_company.write user/insurance_type.read user/list.read user/medical_problem.read user/medical_problem.write user/medication.read user/medication.write user/message.write user/patient.read user/patient.write user/practitioner.read user/practitioner.write user/prescription.read user/procedure.read user/soap_note.read user/soap_note.write user/surgery.read user/surgery.write user/vital.read user/vital.write user/AllergyIntolerance.read user/CareTeam.read user/Condition.read user/Coverage.read user/Encounter.read user/Immunization.read user/Location.read user/Medication.read user/MedicationRequest.read user/Observation.read user/Organization.read user/Organization.write user/Patient.read user/Patient.write user/Practitioner.read user/Practitioner.write user/PractitionerRole.read user/Procedure.read patient/encounter.read patient/patient.read patient/AllergyIntolerance.read patient/CareTeam.read patient/Condition.read patient/Encounter.read patient/Immunization.read patient/MedicationRequest.read patient/Observation.read patient/Patient.read patient/Procedure.read&redirect_uri=https://openemr.localhost

The above API is also giving me a directory listing page of the oauth2/default directory. Why?

Thanks,
Mohit

Hi @brady.miller
Can you help me please
When I hit the API to get a token, http://openemr.localhost/oauth2/default/token
It always shows me a bad request. Why?
I am attaching a screenshot from my Postman

Can you help me with how to resolve this problem?
Thanks.

Only one place this error will occur which is the trusted user saved between server sign in and return to token endpoint to get access token where the state is missing in saved session.
So are you successfully signing into the server?
Also turn on debug in globals and review transactions in php error log.

Hi, thanks for helping me.

I have one other query.
After generating a token by URL http://openemr.localhost/oauth2/default/token
This will show me an error.

It was not possible to parse your key, reason: error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt

It’d be nice if everyone would put up the whole story when reporting issues so, I’m confused!
Is this error from an access token validation (meaning you received one) or during the auth code validation?

Try deleting so a new key set is generated: sites/default/documents/certificates/oaprivate.key and oapublic keys.

Also did you turn on debug like I asked?

Hi guys,
This thread is really helpful! Thank you.
I was able to get API working using development deployed here https://eleven.openemr.io/a/openemr and I can get information for Encounters for registered patient but if I try to read /vital, it says 404.
Could you please let me know if this should work or there is another way to get Vitals info for a patient?
Thank you


Timur please open this as a separate thread so we can address your issue and you can mark a solution once we’ve discovered the solution. In that thread please post what scopes you get back when you request an access token from the API. Your scope needs to list the vital.read for the standard API. Also on the eleven demo you should be able to have access to the php error_log paste the snippets of your logs here that deals with the vitals request. Make sure to turn on the logging debug setting in globals.