Tony Thedea

Reputation: 53

Can't get a token back from Epic FHIR auth server

I'm not getting a token back from my epic app.

I'm calling my app (PFI_app, non-prod. client id: [my_client_id]) from a browser script:

FHIR.oauth2.authorize({
    'client_id':[my_client_id],
    'scope':'openid, fhirUser,PATIENT.READ, PATIENT.SEARCH, OBSERVATION.READ, OBSERVATION.SEARCH',
    'redirect_uri':[my_redirect_uri],
    'state':'abc123',
    'aud':'https://fhir.epic.com/interconnect-fhir-oauth/api/fhir/r4'
});

I get prompted to log in at signin.epic.com and I use the credentials FHIR (username) and EpicFhir11! (password), which I got from this page: https://fhir.epic.com/Documentation?docId=testpatients.

At my redirect URL page I use the following to get the access token:

FHIR.oauth2.ready()
      .then(function(client){
        myapp.smart = client
        console.log(client);
      })

BUT, I keep getting the following error message:

Failed to load resource: the server responded with a status of 400 (Bad Request) app.html:39 https://fhir.epic.com/interconnect-fhir-oauth/oauth2/token

I get another message saying: URL: https://fhir.epic.com/interconnect-fhir-oauth/oauth2/token unauthorized_client

This leads me to believe that I logged in with an improper user who isn't authorized.

Ultimately, I don't get a token. Any idea why? Is it because I'm using improper login credentials and therefore that user doesn't have access to get a token?

Also, I'm using fhir-client.js, not fhir-client-v2.js. Is that a problem?

UPDATE:

So I just waited and the token issue resolved itself. Perhaps there was a time period I had to wait after changing my Epic FHIR app information at fhir.epic.com. I changed the "Application Audience" from patients to "clinicians and administrative users." I had been logging in to Epic when prompted as an admin for many hours before I wrote this post, but I can't think of anything that I changed in my code. I just waited.

Now my last remaining problem is that when I try to search for patients from the sandbox with this code:

var obs = await fetch(myapp.smart["state"]["serverUrl"]+"/Patient?address=123%20Main%20St.&address-city=Madison&address-postalcode=53703&address-state=Wisconsin&family=Mychart&gender=Female&given=Allison&telecom=608-123-4567",{
          headers:{
            "Accept":"application/json+fhir",
            "Authorization":"Bearer"+myapp.smart["state"]["tokenResponse"]["access_token"]
          }
        }).then(function(data){
          return data;
        });
        
        var response = await obs.json();

        console.log( response );

I get another "unauthorized" message:

Failed to load resource: the server responded with a status of 401 (Unauthorized) https://fhir.epic.com/interconnect-fhir-oauth/api/FHIR/R4/Patient?address=123%20Main%20St.&address-city=Madison&address-postalcode=53703&address-state=Wisconsin&family=Mychart&gender=Female&given=Allison&telecom=608-123-4567

This is where I got the syntax for structuring this call to the Patient.search resource:

https://fhir.epic.com/Sandbox?api=932

Any ideas why I'm unauthorized to make this call? Again, I'm logged in using the provider-facing app user credentials listed here: https://fhir.epic.com/Documentation?docId=testpatients (username: FHIR)

UPDATE:

So I changed the FHIR.oauth2.ready call to include the request and it worked. I'm not sure why I couldn't include the provided token as a Bearer token in fetch, but the following worked:

var req = "/Patient?address=123%20Main%20St.&address-city=Madison&address-postalcode=53703&address-state=Wisconsin&family=Mychart&gender=Female&given=Allison&telecom=608-123-4567"

FHIR.oauth2.ready( client => client.request(req) ).then(function(output){
        console.log(output); /* should include search results for the patient */ 
});

Thanks for any help.

Upvotes: 2

Views: 3003

Answers (1)

Tony Thedea

Reputation: 53

To summarize, I changed the FHIR.oauth2.ready call to include the request and it worked:

var req = "/Patient?address=123%20Main%20St.&address-city=Madison&address-postalcode=53703&address-state=Wisconsin&family=Mychart&gender=Female&given=Allison&telecom=608-123-4567"

FHIR.oauth2.ready( client => client.request(req) ).then(function(output){
        console.log(output); /* should include search results for the patient */ 
});

In addition, I had to wait a period of time, possibly due to the fact that I made some changes in my epic fhir app.

Upvotes: 1
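
An added example, not part of the original post or of fhir-client.js: the fetch call in the question concatenates "Bearer" and the access token with no space between them, which does not parse as RFC 6750 Bearer credentials, and its scope string is comma-separated where OAuth 2.0 (RFC 6749 section 3.3) defines scopes as space-delimited. The function names and the sample token below are assumptions made for illustration.

```javascript
// Added example. The token value below is a constructed placeholder, not a real token.

// RFC 6750 Bearer credentials: the scheme, exactly one space, then a b64token.
const BEARER_RE = /^Bearer [A-Za-z0-9\-._~+\/]+=*$/;

// Explain why an Authorization header value would not parse, or return "ok".
function diagnoseAuthorization(value) {
  if (typeof value !== "string" || value.length === 0) return "missing";
  if (BEARER_RE.test(value)) return "ok";
  if (/^Bearer\S/.test(value)) return "no space between scheme and token";
  if (!/^Bearer /.test(value)) return "scheme is not Bearer";
  return "token is empty or has characters outside b64token";
}

// Build the header from the token response returned by the authorization server.
function bearerHeader(tokenResponse) {
  // token_type is case-insensitive per RFC 6749 section 5.1.
  const type = String(tokenResponse.token_type || "");
  if (type.toLowerCase() !== "bearer") {
    throw new Error("unsupported token_type: " + type);
  }
  if (typeof tokenResponse.access_token !== "string") {
    throw new Error("token response has no access_token");
  }
  const value = "Bearer " + tokenResponse.access_token;
  const verdict = diagnoseAuthorization(value);
  if (verdict !== "ok") throw new Error("bad access_token: " + verdict);
  return value;
}

// Turn a comma- or whitespace-separated scope list into the space-delimited form.
function normalizeScope(scope) {
  return scope.split(/[\s,]+/).filter(Boolean).join(" ");
}

// Constructed sample token response.
const sample = { token_type: "bearer", access_token: "abc.DEF-123_xyz" };
console.log(diagnoseAuthorization("Bearer" + sample.access_token)); // as in the question
console.log(bearerHeader(sample));
console.log(normalizeScope("openid, fhirUser,PATIENT.READ, PATIENT.SEARCH"));
```

Running `diagnoseAuthorization` on the header value before calling `fetch` turns a bare 401 into a named cause on the client side.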
