Workflow or API calls:
When our SMART App is running in MPages in an iFrame, it is failing to authorize due to it not running in a secure context. It seems that the hosting page is not in a secure context. Is this correct? Shouldn’t the cernabcneaodr03.cernerasp.com be using https instead of http?
Background Infomation:
Developer questions:
Are you an OPN Member? Yes
Have you signed up to be in the Healthcare Developer Track? Yes
Are you a registered Code Program member? Yes
Does your App have a presence on the Oracle Healthcare App Marketplace? Yes
Are you developing on behalf of an Oracle Health client? No, not a specific client
If so, which client:
Application's Client ID and App ID, if relevant:
Expected Result:
SMART App should authorize and successfully launch.
Actual Result:
SMART App fails after retrieving .well-known/smart-configuration and starting authorization flow.
Error message:
Some of the required subtle crypto functionality is not available unless you run this app in secure context (using HTTPS or running locally). See https://developer.mozilla.org/en-US/docs/Web/Security/Secure_Contexts
Dates: 7/8/25 and 7/9/25
X-Request-Id / Cerner-Correlation-Id / opc-request-id:
Date/time of the example: