Reputation: 506
I've used SMART on FHIR to successfully pull test patient data from Epic's sandbox for a patient-facing app (it's a standalone launch). I'm trying now to pull real patient data from a health system but I keep getting the error when trying to authorize my app: "OAuth2 Error. Something went wrong trying to authorize the client. Please try logging in again."
When I was testing with sandbox data, I used this code as a reference and then modified it to work for React. This is the code I used to authorize my app:
    function pullEpicData() {
        FHIR.oauth2.authorize({
            'client_id': {Non-Prod Client ID given by Epic},
            'scope': 'PATIENT.READ, PATIENT.SEARCH',
            'redirect_uri': {my website},
            'iss': 'https://fhir.epic.com/interconnect-fhir-oauth/api/FHIR/R4/'
        })
    }
This worked fine.
When I switched to prod mode, I used the following code to try to authorize my app:
    function pullEpicData() {
        FHIR.oauth2.authorize({
            'client_id': {Prod Client ID given by Epic},
            'scope': 'PATIENT.READ, PATIENT.SEARCH',
            'redirect_uri': {my website},
            'iss': 'https://sfd.stanfordmed.org/FHIR/api/FHIR/R4/'
        })
    }
However, this authorization keeps failing.
I didn't make any other changes to my code. Is there anything else I should be doing when switching from sandbox to prod to make the authorization work properly? I'm not using refresh tokens at the moment. Thanks!
Upvotes: 0
Views: 1753
Reputation: 1340
There are two very common causes of this issue:
For auto-sync, when you register a client ID, the APIs you select may disqualify you for auto-sync. If you don't qualify for auto-sync, then the healthcare organization you want to connect to must explicitly approve your app before it can be used to connect to their endpoints. There is an indicator near the bottom of the client registration form that indicates if you qualify for auto-sync or not.
Regardless of whether your app qualifies for auto-sync, or was explicitly approved by a health system, any changes to a client can take up to ~12 hours to sync (there is a job that runs every ~12 hours that downloads updates).
Other common OAuth2 connection issues are documented in our Troubleshooting Guide (requires login, but you can sign up for an account for free).
Upvotes: 2
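One way to turn the opaque "OAuth2 Error" into a specific reason before calling FHIR.oauth2.authorize is a pre-flight check for the two causes the answer names. This is an added example, not code from either post or from Epic; the fields autoSyncEligible, orgApproved and lastChangedAt are hypothetical values the developer records by hand, and the client IDs, flags and dates are constructed.

```javascript
// Added example. autoSyncEligible, orgApproved and lastChangedAt are
// hypothetical fields the developer records by hand from the registration
// form; they are not fhirclient or Epic API fields.
const SYNC_WINDOW_MS = 12 * 60 * 60 * 1000; // the "~12 hours" sync job

// Constructed sample data: placeholder client IDs, made-up flags and dates.
const registrations = {
  sandbox: {
    clientId: 'NON-PROD-CLIENT-ID-PLACEHOLDER',
    iss: 'https://fhir.epic.com/interconnect-fhir-oauth/api/FHIR/R4/',
    autoSyncEligible: true,
    orgApproved: false,
    lastChangedAt: '2024-01-01T00:00:00Z',
  },
  production: {
    clientId: 'PROD-CLIENT-ID-PLACEHOLDER',
    iss: 'https://sfd.stanfordmed.org/FHIR/api/FHIR/R4/',
    autoSyncEligible: false,
    orgApproved: false,
    lastChangedAt: '2024-01-10T09:00:00Z',
  },
};

// Returns the reasons authorization is likely to fail for this registration;
// an empty array means neither common cause applies.
function preflight(reg, now = new Date()) {
  const findings = [];
  if (!reg.autoSyncEligible && !reg.orgApproved) {
    findings.push('awaiting-org-approval');
  }
  if (now.getTime() - Date.parse(reg.lastChangedAt) < SYNC_WINDOW_MS) {
    findings.push('within-sync-window');
  }
  return findings;
}

// Builds options for FHIR.oauth2.authorize from one environment's entry, so a
// client ID is never paired with another environment's iss.
function authorizeOptions(envName, redirectUri, scope, now = new Date()) {
  const reg = registrations[envName];
  if (!reg) throw new Error(`unknown environment: ${envName}`);
  const findings = preflight(reg, now);
  if (findings.length > 0) {
    throw new Error(`${envName} not ready: ${findings.join(', ')}`);
  }
  return { client_id: reg.clientId, iss: reg.iss, redirect_uri: redirectUri, scope };
}
```

The returned object can be passed straight to FHIR.oauth2.authorize; a thrown error names which of the two causes still applies.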