LiveCode is the premier environment for creating multi-platform solutions for all major operating systems - Windows, Mac OS X, Linux, the Web, Server environments and Mobile platforms. Brand new to LiveCode? Welcome!
Hello, I am having trouble connecting to a testbed sandbox successfully and retrieving a token and then query for standalone app only, not web app. The below is what I tried so far but get URI redirect error.
constant kAuthURL = "https://authorization.sandboxcerner.com/tenants/0b8a0111-e8e6-4c26-a91c-5069cbc6b1ca/protocols/oauth2/profiles/smart-v1/personas/provider/authorize"
constant kTokenURL = "https://authorization.sandboxcerner.com/tenants/0b8a0111-e8e6-4c26-a91c-5069cbc6b1ca/protocols/oauth2/profiles/smart-v1/token"
constant kClientID = "1d843340-66fe-4691-b179-2ac46704356d "
constant kClientSecret = ""
constant kScopes = "patient/Observation.read patient/Patient.read openid profile launch/patient"
constant kPort = 443
local sAuth
command PostToSlack pMessage
if sAuth["access_token"] is empty then
OAuth2 kAuthURL, kTokenURL, kClientID, kClientSecret, kScopes, kPort
if the result is not empty then
return "Not authorized!" for error
else
put it into sAuth
end if
end if
end PostToSlack
Many APIs require you to set a redirect URI server side and failing to do so or setting it incorrectly will result in the redirect uri mismatch error. In this case you need to set it to: http://127.0.0.1:443/. There should be some method available to do so in the api console where you got your client id and secret from.
However, you might not want to use port 443 as it's such a commonly used port. The recommended range in the docs is 49152 to 65535.
Cheers
Monte
LiveCode User Group on Facebook : http://FaceBook.com/groups/LiveCodeUsers/
Hi monte,thanks for replying. I actually have two URI they require and little confused of what to put where. I attached an image to post. Do I put in both areas "http://127.0.0.1:443/" to make this work, the smart launch URI and redirect URI?
Also just fyi, there is no place to put a Client Secret code with them as you can see below. I asked them and they said they don't require it.
I tried putting http://127.0.0.1:62121/ for both slots in instead and now it returns "Not authorized".
Hello, I found out this bit of information that might help get working:
"After you redirect to the Cerner authorization page you should see a login form where you enter user name and password, and after that you should be redirected back to your redirect URL http://127.0.0.1:62121"
Seems it should open up browser where I can log in.
Hello monte, I tried doing the error piece and it didn't return. I also checked again and they stated there is no clientSecret. I am not sure it is because it is sandbox domain is the reason.
constant kAuthURL = "https://authorization.sandboxcerner.com/tenants/0b8a0111-e8e6-4c26-a91c-5069cbc6b1ca/protocols/oauth2/profiles/smart-v1/personas/provider/authorize"
constant kTokenURL = "https://authorization.sandboxcerner.com/tenants/0b8a0111-e8e6-4c26-a91c-5069cbc6b1ca/protocols/oauth2/profiles/smart-v1/token"
constant kClientID = "e4193b40-e317-47c2-b385-e5017c6b5f0a"
constant kClientSecret = ""
constant kScopes = "openid profile user/*.read"
constant kPort = 62121
local sAuth
command PostToFHIR pMessage
if sAuth["access_token"] is empty then
OAuth2 kAuthURL, kTokenURL, kClientID, kClientSecret, kScopes, kPort
if the result is not empty then
return "OAuth error:" & the result for error
--answer "Not authorized!"
else
put it into sAuth
answer it
end if
end if
URL of the EHR resource server from which the app wishes to retrieve FHIR data. This parameter prevents leaking a genuine bearer token to a counterfeit resource server. (Note: in the case of an EHR launch flow, this aud value is the same as the launch's iss value.)
I also found a bug in the OAuth2 library encoding spaces incorrectly which I'll fix right now.
LiveCode User Group on Facebook : http://FaceBook.com/groups/LiveCodeUsers/
@Mikey - Hello, I saw the library in the 9.0 dp4 version.
@Monte - This is great news! I appreciate your help. I wish to test it, do I copy and replace a "oauth2.livecodescript" file located in the livecode folders? Or will this be uploaded to a new dp version soon?
monte wrote:Looking at the docs here http://docs.smarthealthit.org/authorization/ I see that you need an additional `aud` parameter:
URL of the EHR resource server from which the app wishes to retrieve FHIR data. This parameter prevents leaking a genuine bearer token to a counterfeit resource server. (Note: in the case of an EHR launch flow, this aud value is the same as the launch's iss value.)
Hey Monte, If I can find out the additional`aud` parameter where would I put it in my code I posted above? Can I use this library with them I guess is the main question. From what I gather I need to log in with portal/portal (in sandbox mode) before obtaining access. I did test the library again after editing, but still get no error and a pop up box which disappears quickly that says Authenticate in header.
local tParamA
put "whatever the aud url is" into tParamA["aud"]
OAuth2 kAuthURL, kTokenURL, kClientID, kClientSecret, kScopes, kPort, tParamA
Hello monte, I did try that with the supplied aud URL's, but no luck. I asked FHIR and they gave me the reply below. When I perform the OAuth2 library coding it always pops up box for a short second with title bar heading "Authenticate". Basically the user logs in. The log in is portal/portal for sandbox FHIR. Any ideas to get this working? Thank you for any help.
We have our sandbox URLs (and some links into the definition of the service root URL as FHIR defines it in the spec) published here: http://fhir.cerner.com/dstu2/#service-root-url. This hasn't been updated to include the patient "beta" FHIR URLs yet, but will be soon.
The sign in happens on redirect to the authorization URL (Authorize App), along with the user possibly granting the application access to their record. This is an opaque part of the process, and will happen in the user's browser without extra interaction with the application itself.