Can't get a valid access token in FHIR Server with OAuth2

Question

José Pereira · Dec 11, 2022

Hi!

I'm playing with OAuth2 with FHIR Server, but returned tokens cause 401 or 403 errors when trying to get FHIR resources.

I tried using fhir-client.js and Postman. Access tokens returned have been failing for both, with a 401 when trying through fhir-client.js and a 403 using Postman.

Here are my settings:

OAuth2 server

OAuth2 user

OAuth2 application

fhir-client.js launch page

<!DOCTYPE html>
<html>
<head>
  <script src="https://cdn.jsdelivr.net/npm/fhirclient@2.5.2/build/fhir-client.js"></script>
</head>
<body>Loading...</body>
<script>
  FHIR.oauth2.authorize({
    "client_id": "v7b8p314jfn4ldbmtodt1cd3k",
    "clientSecret": "c4t8lsoeku3mvr698smb66eqve8ejemoei6ebm4u1fo2n65pkbv",
    "scope": "openid profile launch/patient patient/*.read",
    "redirect_uri": "https://localhost:9090/index.html",
    "iss": "https://fhirauth.chmkcc9xgiqu.workload-prod-fhiraas.isccloud.io/oauth2"
  });
</script>
</html>

fhir-client.js redirect page (index.html)

<!DOCTYPE html>
<html>

<head>
    <title>User Profile</title>
    <script src="https://cdn.jsdelivr.net/npm/fhirclient@2.5.2/build/fhir-client.js"></script>
</head>

<body>
    <script>
        FHIR.oauth2.ready()
            .then(client => client.request("Patient"))
            .then(console.log)
            .catch(console.error);
    </script>
</body>

</html>

fhir-client.js response

Postman

I tried out the same example with the SMART on FHIR Launcher and all works as expected:

SMART Launcher

Any help will be appreciated!

Thanks!

#FHIR #OAuth2 #InterSystems IRIS for Health