V6 Authorization and API changes afoot

Hi Brady (@brady.miller),

Thank you for your help.

I was able to access the FHIR API patient endpoint following your suggestions.

Below are the details for reference for others.

1) Registration
Post Data
{
"application_type": "private",
"redirect_uris": ["https://client.example.org/callback"],
"post_logout_redirect_uris": ["https://client.example.org/logout/callback"],
"client_name": "FHIR Client",
"token_endpoint_auth_method": "client_secret_post",
"contacts": ["rmaurya@switchlane.com"],
"scope": "api:fhir api:oemr openid user/Patient.read user/patient.read"
}

2) Authorize
    url: https://demo.openemr.io/openemr/oauth2/default/authorize?response_type=code&client_id=O7fslbQ2Fg3x6Y7u3yyrnLxteaYFdRVjJWjmwYw3cP4&state=a95b970548dd8880ddb7c3192439f468fe63396f&scope=openid api:fhir api:oemr user/Patient.read user/patient.read

With these changes, when I now get the token, the response has the additional scopes added.
e.g.
{
“id_token”: “eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJhdWQiOiJPN2ZzbGJRMkZnM3g2WTd1M3l5cm5MeHRlYVlGZFJWakpXam13WXczY1A0IiwiaXNzIjoiaHR0cHM6XC9cL2RlbW8ub3BlbmVtci5pb1wvb3BlbmVtclwvb2F1dGgyXC9kZWZhdWx0IiwiaWF0IjoxNjE1ODAxMDUyLCJleHAiOjE2MTU4MDQ2NTEsInN1YiI6IjkyZjRhY2MwLTk3Y2UtNDE1Ni05YWM2LTQ2YTg5ZTA0YmQyOSIsImFwaTpmaGlyIjp0cnVlLCJhcGk6b2VtciI6dHJ1ZX0.O35CQ86R-K2lhOczWBIXQB77qXs8WvNuI8p5-KMXs5-wErNm6RDuL_BdA1V7VfupHxo9EeS4p2uEpc0c4lcEfudpb_hV3u7iLH8jsU3UE52J5On-zC3XQ8GNMX22DAQmWbnvKDNPNc6-EOihjiIGkBwTBhEYBCHWCuCkyuz-p3SHChsvC5OWLVYfAnV-oOG8B4YDPl3DxOe09_K5eL11rUtFuaeQWPWParA643MtkHrAVo7cSZnGDpW7qnZp1iipayh4nVpGXSVbEc_i7KFZqOLalXB6nzAxmNEqE25HRb8q2oAiZs_2XXpKIPSvyTODdP1AXn3ZuxBhdL9IPO62Zw”,
“scope”: “openid user/Patient.read”,
“token_type”: “Bearer”,
“expires_in”: 3600,
“access_token”: “eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJhdWQiOiJPN2ZzbGJRMkZnM3g2WTd1M3l5cm5MeHRlYVlGZFJWakpXam13WXczY1A0IiwianRpIjoiOWQ0NTc5MTAwNmYyZjk4OGI1YjhhNDgxZTg3ZmYyYjAzNDU5NmJiM2IzZTQwZDBkMjYwNDY5MzZlOTJjNDYwMGZiOTBmYWI4MGNjZDg4OTUiLCJpYXQiOjE2MTU4MDEwNTEsIm5iZiI6MTYxNTgwMTA1MSwiZXhwIjoxNjE1ODA0NjUxLCJzdWIiOiI5MmY0YWNjMC05N2NlLTQxNTYtOWFjNi00NmE4OWUwNGJkMjkiLCJzY29wZXMiOlsib3BlbmlkIiwiYXBpOmZoaXIiLCJhcGk6b2VtciIsInVzZXJcL1BhdGllbnQucmVhZCIsInBhdGllbnRcL1BhdGllbnQucmVhZCIsInNpdGU6ZGVmYXVsdCJdfQ.XuJsvU7533VjzKGhfnMQcVQ7fIYxqGkXAdjS3JLCEYKQLOr9j4_aD8t3558HhT32pLAcq4TXa8bZZcPVO-CH6922aVoVmy4hJZAugxcOWc5vlVxL7n95U7X-bIAg8KeVz9z3guZCFmUQbtA90sVu4rtbsyii7jGsCfXBxdgJEGBFBVoQjhQskRg0xZPnLndQy5Xo3Qsi-WSR_1JOhl5UDB0bgF7JAr1eHJO3lKA_xc5cH50_oOH9o00L1pb05r5O4WvPWsK9Kq3-KWXGJybu1XJRRbf5YmcfIbVT3RArmyoVEbEg_5Ww18KrSRzZCXnl_dIm540dyQ3EIjU3DuCA0Q”,
“refresh_token”: “def50200bb58aef0d9f9553e944ba54445c0a174e599da7cd6b55c73286819570ce8e415ee82bd601c06a4eb8fe832fb3f13ffb299e7a97e443b5a8b4bfa0c31a333bdb17f452366ac8d2d268788b0b376a46fcebdb1be41e6f64b55a56d632ca8a0ebcdbffe11670e8a51350ea59dd46815efe7e0f7dabf9128c260aac30011d38e718310c38d09b34fcab248bd0bf0e0efc902dad61072723add2a7134637a3aa7d69e746bde7ead7adbfcff48f71b52eaa70099db94c2a64e951a7f3579e5d34d55f23232ce5d33cf306261732323f44850e2664ae28307e709d2d1c28daa5609ed6fc20d6e16efca1b248409fcf4acc2158f40d48875c96da75d804f1c3632d39343a9b475f04da394340fd5a55c5519f40dc1f66571d24c6fd2906d572529e1b63fa00516e13e4ae88d7633c72c5309781b692462ebb2d705b0419aeea463c7c0effa88e5cfb172b855f6fed61cfdd76d26a3ec8e926858e44eb82e500a4e8ecd5d217bf8e58f067779979063422fad100e4e254db4adbdeea4ccccfdb27fdbc8dd3b82fe5c2cab4cf183b2436b99a8e97e4d51093b5918f0628a73d1c05d06b1fc8b2ddcedfea30d4cd8c0b4cfce03e4e463a9b41728ab9fb79231069d49391d95e24e23c8b89b21d2c82168c7a7212719a38b9106618461541a24b93f33c906ae8651a213be3f3576f01407dbeb266cae48972f62266a9f008ab3637f8ffdf1422594adca0201”
}

Thanks,
Rajesh


Hi

1.) Can anyone help me access the FHIR API to generate a token? http://openemr.localhost/oauth2/default/token always sends me this response:

{"error":"invalid_grant","error_description":"The provided authorization grant (e.g., authorization code, resource owner credentials) or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client.","hint":"Failed Authentication","message":"The provided authorization grant (e.g., authorization code, resource owner credentials) or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client."}

Can anyone suggest what I should leave in the API request?
My Postman screenshots are given below.

I am running my project on XAMPP on a Windows system.

2.) Also that API http://openemr.localhost/oauth2/default/authorize?response_type=code&client_id=Mp7w3PncFLZQxYVUArkr8tNAs7G_r562QvksY5XiJpM&state=a85b870548dd8880ddb7c3192439f468fe63396f&scope=openid offline_access api:oemr api:fhir api:port user/allergy.read user/allergy.write user/appointment.read user/appointment.write user/dental_issue.read user/dental_issue.write user/document.read user/document.write user/drug.read user/encounter.read user/encounter.write user/facility.read user/facility.write user/immunization.read user/insurance.read user/insurance.write user/insurance_company.read user/insurance_company.write user/insurance_type.read user/list.read user/medical_problem.read user/medical_problem.write user/medication.read user/medication.write user/message.write user/patient.read user/patient.write user/practitioner.read user/practitioner.write user/prescription.read user/procedure.read user/soap_note.read user/soap_note.write user/surgery.read user/surgery.write user/vital.read user/vital.write user/AllergyIntolerance.read user/CareTeam.read user/Condition.read user/Coverage.read user/Encounter.read user/Immunization.read user/Location.read user/Medication.read user/MedicationRequest.read user/Observation.read user/Organization.read user/Organization.write user/Patient.read user/Patient.write user/Practitioner.read user/Practitioner.write user/PractitionerRole.read user/Procedure.read patient/encounter.read patient/patient.read patient/AllergyIntolerance.read patient/CareTeam.read patient/Condition.read patient/Encounter.read patient/Immunization.read patient/MedicationRequest.read patient/Observation.read patient/Patient.read patient/Procedure.read&redirect_uri=https://openemr.localhost

The above API is also giving me a directory listing page of the oauth2/default directory. Why?

Thanks,
Mohit

Hi @brady.miller,
Can you help me, please?
When I hit the API to get a token, http://openemr.localhost/oauth2/default/token,
it always shows me a bad request. Why?
I am attaching a screenshot from my Postman.

Can you help me with how to resolve this problem?
Thanks.

There is only one place this error will occur: the trusted user saved between the server sign-in and the return to the token endpoint to get the access token, where the state is missing in the saved session.
So are you successfully signing into the server?
Also turn on debug in globals and review transactions in php error log.

Hi, thanks for helping me.

I have another query.
After generating a token with the URL http://openemr.localhost/oauth2/default/token,
it shows me this error:

It was not possible to parse your key, reason: error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt

It’d be nice if everyone would put up the whole story when reporting issues, so I’m confused!
Is this error from an access token validation (meaning you received one) or during the auth code validation?

Try deleting these so a new key set is generated: sites/default/documents/certificates/oaprivate.key and oapublic keys.

Also did you turn on debug like I asked?

Hi guys,
This thread is really helpful! Thank you.
I was able to get the API working using the development deployment here, https://eleven.openemr.io/a/openemr, and I can get information for Encounters for a registered patient, but if I try to read /vital, it says 404.
Could you please let me know if this should work or there is another way to get Vitals info for a patient?
Thank you


Timur, please open this as a separate thread so we can address your issue and you can mark a solution once we’ve discovered it. In that thread, please post what scopes you get back when you request an access token from the API. Your scope needs to list the vital.read for the standard API. Also, on the eleven demo you should be able to access the php error_log; paste the snippets of your logs here that deal with the vitals request. Make sure to turn on the logging debug setting in globals.
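Added example, not part of the thread and not OpenEMR code: a small Python helper for the two scope questions raised above (Rajesh's token response and the request to post which scopes came back). It compares the scopes you requested with the response's `scope` field and with the access token itself. It assumes the access token is a JWT whose payload carries a `scopes` array claim; the sample token and its values are constructed.

```python
import base64
import json


def b64url(obj) -> str:
    """Encode a dict as unpadded base64url JSON (used only to build the sample)."""
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()


def jwt_claims(token: str) -> dict:
    """Decode a JWT payload WITHOUT verifying the signature (debugging aid only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part compact JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))


def scope_report(requested: str, token_response: dict) -> dict:
    """Diff requested scopes against the response 'scope' field and the token claim."""
    asked = set(requested.split())
    in_response = set(token_response.get("scope", "").split())
    # Assumption: the granted scopes live in a 'scopes' array claim.
    in_token = set(jwt_claims(token_response["access_token"]).get("scopes", []))
    return {
        "missing_from_token": sorted(asked - in_token),
        "added_by_server": sorted(in_token - asked),
        "response_vs_token_mismatch": sorted(in_response ^ in_token),
    }


def make_sample_response() -> dict:
    """Constructed token response; the signature segment is a dummy string."""
    claims = {"sub": "constructed-user",
              "scopes": ["openid", "api:fhir", "user/Patient.read", "site:default"]}
    token = ".".join([b64url({"typ": "JWT", "alg": "RS256"}),
                      b64url(claims), "constructed-signature"])
    return {"scope": "openid user/Patient.read", "token_type": "Bearer",
            "expires_in": 3600, "access_token": token}


if __name__ == "__main__":
    requested = "openid api:fhir user/Patient.read user/vital.read"
    for key, value in scope_report(requested, make_sample_response()).items():
        print(f"{key}: {value}")
```

A scope listed under `missing_from_token` was requested but not granted, which is the first thing to rule out when an endpoint refuses a request that other endpoints accept.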