V6 Authorization and API changes afoot

RajM · March 15, 2021, 10:17am

Thank you for your help.

I was able to access the FHIR Api patient endpoint following your suggestions.

Below are the details for reference for others.

1) Registration
Post Data
{
“application_type”: “private”,
“redirect_uris”:[“https://client.example.org/callback”],
“post_logout_redirect_uris”: [“https://client.example.org/logout/callback”],
“client_name”: “FHIR Client”,
“token_endpoint_auth_method”: “client_secret_post”,
“contacts”: [“rmaurya@switchlane.com”],
“scope”: “api:fhir api:oemr openid user/Patient.read user/patient.read”
}

Authorize
url: https://demo.openemr.io/openemr/oauth2/default/authorize?response_type=code&client_id=O7fslbQ2Fg3x6Y7u3yyrnLxteaYFdRVjJWjmwYw3cP4&state=a95b970548dd8880ddb7c3192439f468fe63396f&scope=openid api:fhir api:oemr user/Patient.read user/patient.read

With these change now when I get the token the response has the additional scopes added.
e.g.
{
“id_token”: “eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJhdWQiOiJPN2ZzbGJRMkZnM3g2WTd1M3l5cm5MeHRlYVlGZFJWakpXam13WXczY1A0IiwiaXNzIjoiaHR0cHM6XC9cL2RlbW8ub3BlbmVtci5pb1wvb3BlbmVtclwvb2F1dGgyXC9kZWZhdWx0IiwiaWF0IjoxNjE1ODAxMDUyLCJleHAiOjE2MTU4MDQ2NTEsInN1YiI6IjkyZjRhY2MwLTk3Y2UtNDE1Ni05YWM2LTQ2YTg5ZTA0YmQyOSIsImFwaTpmaGlyIjp0cnVlLCJhcGk6b2VtciI6dHJ1ZX0.O35CQ86R-K2lhOczWBIXQB77qXs8WvNuI8p5-KMXs5-wErNm6RDuL_BdA1V7VfupHxo9EeS4p2uEpc0c4lcEfudpb_hV3u7iLH8jsU3UE52J5On-zC3XQ8GNMX22DAQmWbnvKDNPNc6-EOihjiIGkBwTBhEYBCHWCuCkyuz-p3SHChsvC5OWLVYfAnV-oOG8B4YDPl3DxOe09_K5eL11rUtFuaeQWPWParA643MtkHrAVo7cSZnGDpW7qnZp1iipayh4nVpGXSVbEc_i7KFZqOLalXB6nzAxmNEqE25HRb8q2oAiZs_2XXpKIPSvyTODdP1AXn3ZuxBhdL9IPO62Zw”,
“scope”: “openid user/Patient.read”,
“token_type”: “Bearer”,
“expires_in”: 3600,
“access_token”: “eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJhdWQiOiJPN2ZzbGJRMkZnM3g2WTd1M3l5cm5MeHRlYVlGZFJWakpXam13WXczY1A0IiwianRpIjoiOWQ0NTc5MTAwNmYyZjk4OGI1YjhhNDgxZTg3ZmYyYjAzNDU5NmJiM2IzZTQwZDBkMjYwNDY5MzZlOTJjNDYwMGZiOTBmYWI4MGNjZDg4OTUiLCJpYXQiOjE2MTU4MDEwNTEsIm5iZiI6MTYxNTgwMTA1MSwiZXhwIjoxNjE1ODA0NjUxLCJzdWIiOiI5MmY0YWNjMC05N2NlLTQxNTYtOWFjNi00NmE4OWUwNGJkMjkiLCJzY29wZXMiOlsib3BlbmlkIiwiYXBpOmZoaXIiLCJhcGk6b2VtciIsInVzZXJcL1BhdGllbnQucmVhZCIsInBhdGllbnRcL1BhdGllbnQucmVhZCIsInNpdGU6ZGVmYXVsdCJdfQ.XuJsvU7533VjzKGhfnMQcVQ7fIYxqGkXAdjS3JLCEYKQLOr9j4_aD8t3558HhT32pLAcq4TXa8bZZcPVO-CH6922aVoVmy4hJZAugxcOWc5vlVxL7n95U7X-bIAg8KeVz9z3guZCFmUQbtA90sVu4rtbsyii7jGsCfXBxdgJEGBFBVoQjhQskRg0xZPnLndQy5Xo3Qsi-WSR_1JOhl5UDB0bgF7JAr1eHJO3lKA_xc5cH50_oOH9o00L1pb05r5O4WvPWsK9Kq3-KWXGJybu1XJRRbf5YmcfIbVT3RArmyoVEbEg_5Ww18KrSRzZCXnl_dIm540dyQ3EIjU3DuCA0Q”,
“refresh_token”: “def50200bb58aef0d9f9553e944ba54445c0a174e599da7cd6b55c73286819570ce8e415ee82bd601c06a4eb8fe832fb3f13ffb299e7a97e443b5a8b4bfa0c31a333bdb17f452366ac8d2d268788b0b376a46fcebdb1be41e6f64b55a56d632ca8a0ebcdbffe11670e8a51350ea59dd46815efe7e0f7dabf9128c260aac30011d38e718310c38d09b34fcab248bd0bf0e0efc902dad61072723add2a7134637a3aa7d69e746bde7ead7adbfcff48f71b52eaa70099db94c2a64e951a7f3579e5d34d55f23232ce5d33cf306261732323f44850e2664ae28307e709d2d1c28daa5609ed6fc20d6e16efca1b248409fcf4acc2158f40d48875c96da75d804f1c3632d39343a9b475f04da394340fd5a55c5519f40dc1f66571d24c6fd2906d572529e1b63fa00516e13e4ae88d7633c72c5309781b692462ebb2d705b0419aeea463c7c0effa88e5cfb172b855f6fed61cfdd76d26a3ec8e926858e44eb82e500a4e8ecd5d217bf8e58f067779979063422fad100e4e254db4adbdeea4ccccfdb27fdbc8dd3b82fe5c2cab4cf183b2436b99a8e97e4d51093b5918f0628a73d1c05d06b1fc8b2ddcedfea30d4cd8c0b4cfce03e4e463a9b41728ab9fb79231069d49391d95e24e23c8b89b21d2c82168c7a7212719a38b9106618461541a24b93f33c906ae8651a213be3f3576f01407dbeb266cae48972f62266a9f008ab3637f8ffdf1422594adca0201”
}

Thanks,
Rajesh

mohit · June 25, 2021, 3:40pm

Hi

1.) Can any one help me in access FHIR API to generate token http://openemr.localhost/oauth2/default/token this API is always send me response

{“error”:“invalid_grant”,“error_description”:“The provided authorization grant (e.g., authorization code, resource owner credentials) or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client.”,“hint”:“Failed Authentication”,“message”:“The provided authorization grant (e.g., authorization code, resource owner credentials) or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client.”}

Can anyone suggest me what should i left in API request.
My postman screenshot are given below

I am run my project over xampp in windows system.

2.) Also that API http://openemr.localhost/oauth2/default/authorize?response_type=code&client_id=Mp7w3PncFLZQxYVUArkr8tNAs7G_r562QvksY5XiJpM&state=a85b870548dd8880ddb7c3192439f468fe63396f&scope=openid offline_access api:oemr api:fhir api:port user/allergy.read user/allergy.write user/appointment.read user/appointment.write user/dental_issue.read user/dental_issue.write user/document.read user/document.write user/drug.read user/encounter.read user/encounter.write user/facility.read user/facility.write user/immunization.read user/insurance.read user/insurance.write user/insurance_company.read user/insurance_company.write user/insurance_type.read user/list.read user/medical_problem.read user/medical_problem.write user/medication.read user/medication.write user/message.write user/patient.read user/patient.write user/practitioner.read user/practitioner.write user/prescription.read user/procedure.read user/soap_note.read user/soap_note.write user/surgery.read user/surgery.write user/vital.read user/vital.write user/AllergyIntolerance.read user/CareTeam.read user/Condition.read user/Coverage.read user/Encounter.read user/Immunization.read user/Location.read user/Medication.read user/MedicationRequest.read user/Observation.read user/Organization.read user/Organization.write user/Patient.read user/Patient.write user/Practitioner.read user/Practitioner.write user/PractitionerRole.read user/Procedure.read patient/encounter.read patient/patient.read patient/AllergyIntolerance.read patient/CareTeam.read patient/Condition.read patient/Encounter.read patient/Immunization.read patient/MedicationRequest.read patient/Observation.read patient/Patient.read patient/Procedure.read&redirect_uri=https://openemr.localhost

This above API is also giving me directory listing page of the oauth2/default directory why?

Thanks,
Mohit

mohit · June 28, 2021, 1:53pm

Hi @brady.miller
Can you help me please
When i hit API for get token http://openemr.localhost/oauth2/default/token
It always show me bad request why?
I am attach screen-shot for my postman

Can you help me how to resolve this problem
Thanks.

sjpadgett · June 28, 2021, 3:30pm

Only one place this error will occur which is the trusted user saved between server sign in and return to token endpoint to get access token where the state is missing in saved session.
So are you successfully signing into the server?
Also turn on debug in globals and review transactions in php error log.

mohit · June 28, 2021, 3:40pm

Hi Thanks for help me.

I have one another query
After generate token by URl http://openemr.localhost/oauth2/default/token
This will how me error.

It was not possible to parse your key, reason: error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt

sjpadgett · June 28, 2021, 5:28pm

I’d be nice if everyone would put up the whole story when reporting issues so, I’m confused!
Is this error from an access token validation(meaning you received one) or during the auth code validation?

Try deleting so a need key set is generated: sites/default/documents/certificates/oaprivate.key and oapublic keys.

Also did you turn on debug like I asked?

Timur_Mikhaylov · September 21, 2021, 5:21am

Hi guys,
This thread is really helpful! Thank you.
I was able to get API working using development deployed here https://eleven.openemr.io/a/openemr and I can get information for Encounters for registered patient but if I try to read /vital, it says 404.
Could you please let me know if this should work or there is another way to get Vitals info for a patient?
Thank you

adunsulag · September 21, 2021, 2:02pm

Timur please open this as a separate thread so we can address your issue and you can mark a solution once we’ve discovered the solution. In that thread please post what scopes you get back when you request an access token from the API. Your scope needs to list the vital.read for the standard API. Also on the eleven demo you should be able to have access to the php error_log paste the snippets of your logs here that deals with the vitals request. Make sure to turn on the logging debug setting in globals.