Workflow or API calls:
I'm initiating the SMART on FHIR launch from the Code Console sandbox. When the flow reaches the authorization step at authorization.cerner.com, it results in a 400 Bad Request error. The issue seems to be related to the forceAuthn=true query parameter.
https://authorization.cerner.com/session-api/realm/ec2458f2-1e24-41c8-b71b-0e701af7583d?to=https%3A%2F%2Fauthorization.cerner.com%2Ftenants%2Fec2458f2-1e24-41c8-b71b-0e701af7583d%2Fprotocols%2Foauth2%2Fprofiles%2Fsmart-v1%2Fpersonas%2Fprovider%2Fauthorize%3Faud%3Dhttps%253A%252F%252Ffhir-ehr-code.cerner.com%252Fr4%252Fec2458f2-1e24-41c8-b71b-0e701af7583d%26scope%3Dlaunch%2Bprofile%2BfhirUser%2Bopenid%2Boffline_access%2Bpatient%252FAccount.read%2Bpatient%252FAllergyIntolerance.read%2Bpatient%252FAppointment.read%2Bpatient%252FBinary.read%2Bpatient%252FCarePlan.read%2Bpatient%252FCareTeam.read%2Bpatient%252FChargeItem.read%2Bpatient%252FCommunication.read%2Bpatient%252FCondition.read%2Bpatient%252FConsent.read%2Bpatient%252FCoverage.read%2Bpatient%252FDevice.read%2Bpatient%252FDiagnosticReport.read%2Bpatient%252FDocumentReference.read%2Bpatient%252FEncounter.read%2Bpatient%252FFamilyMemberHistory.read%2Bpatient%252FGoal.read%2Bpatient%252FImmunization.read%2Bpatient%252FInsurancePlan.read%2Bpatient%252FMedicationAdministration.read%2Bpatient%252FMedicationRequest.read%2Bpatient%252FNutritionOrder.read%2Bpatient%252FObservation.read%2Bpatient%252FPatient.read%2Bpatient%252FPerson.read%2Bpatient%252FProcedure.read%2Bpatient%252FProvenance.read%2Bpatient%252FQuestionnaire.read%2Bpatient%252FQuestionnaireResponse.read%2Bpatient%252FRelatedPerson.read%2Bpatient%252FSchedule.read%2Bpatient%252FServiceRequest.read%2Bpatient%252FSlot.read%2Bsystem%252FAccount.read%2Bsystem%252FAllergyIntolerance.read%2Bsystem%252FAppointment.read%2Bsystem%252FBinary.read%2Bsystem%252FCarePlan.read%2Bsystem%252FCareTeam.read%2Bsystem%252FChargeItem.read%2Bsystem%252FCommunication.read%2Bsystem%252FCondition.read%2Bsystem%252FConsent.read%2Bsystem%252FCoverage.read%2Bsystem%252FDevice.read%2Bsystem%252FDiagnosticReport.read%2Bsystem%252FDocumentReference.read%2Bsystem%252FEncounter.read%2Bsystem%252FFamilyMemberHistory.read%2Bsystem%252FGoal.read%2Bsystem%252FImmunization.read%2Bsystem%252FInsurancePlan.read%2Bsystem%252FLocation.read%2Bsystem%252FMedicationAdministration.read%2Bsystem%252FMedicationRequest.read%2Bsystem%252FNutritionOrder.read%2Bsystem%252FObservation.read%2Bsystem%252FOrganization.read%2Bsystem%252FPatient.read%2Bsystem%252FPerson.read%2Bsystem%252FPractitioner.read%2Bsystem%252FProcedure.read%2Bsystem%252FProvenance.read%2Bsystem%252FQuestionnaire.read%2Bsystem%252FQuestionnaireResponse.read%2Bsystem%252FRelatedPerson.read%2Bsystem%252FSchedule.read%2Bsystem%252FServiceRequest.read%2Bsystem%252FSlot.read%2Buser%252FAccount.read%2Buser%252FAllergyIntolerance.read%2Buser%252FAppointment.read%2Buser%252FBinary.read%2Buser%252FCarePlan.read%2Buser%252FCareTeam.read%2Buser%252FChargeItem.read%2Buser%252FCommunication.read%2Buser%252FCondition.read%2Buser%252FConsent.read%2Buser%252FCoverage.read%2Buser%252FDevice.read%2Buser%252FDiagnosticReport.read%2Buser%252FDocumentReference.read%2Buser%252FEncounter.read%2Buser%252FFamilyMemberHistory.read%2Buser%252FGoal.read%2Buser%252FImmunization.read%2Buser%252FInsurancePlan.read%2Buser%252FLocation.read%2Buser%252FMedicationAdministration.read%2Buser%252FMedicationRequest.read%2Buser%252FNutritionOrder.read%2Buser%252FObservation.read%2Buser%252FOrganization.read%2Buser%252FPatient.read%2Buser%252FPerson.read%2Buser%252FPractitioner.read%2Buser%252FProcedure.read%2Buser%252FProvenance.read%2Buser%252FQuestionnaire.read%2Buser%252FQuestionnaireResponse.read%2Buser%252FRelatedPerson.read%2Buser%252FSchedule.read%2Buser%252FServiceRequest.read%2Buser%252FSlot.read%26initialRequestId%3D92277edf-8a17-4672-9cca-8653f71588c2%26response_type%3Dcode%26launch%3D2d3a4f16-fa38-46c7-9196-3214f8c5000c%26redirect_uri%3Dhttps%253A%252F%252Fdev.drgbyai.com%252Flaunch%252Fauth%26state%3DvX0lvL9DgeijgqdC%26client_id%3Da1ce19aa-e957-4166-a778-2fedc025e068&forceAuthn=true
Background Information:
I'm using the standard authorization flow provided in the Cerner sandbox. The issue only occurs when forceAuthn=true is present in the request URL. However, if I remove this parameter or clear the browser storage (cookies/session/local) for authorization.cerner.com, the authentication proceeds without errors.
Are you developing on behalf of an Oracle Health client? Yes
If so, which client: https://cernercare.com/accounts/person/ffb07ba8-3467-41ea-8914-59a61721cf8f
Expected Result:
The authorization request should proceed successfully to the Millennium app, even with forceAuthn=true included, as it is meant to force re-authentication.
Actual Result:
The request returns HTTP Status 400 - Bad Request when forceAuthn=true is included in the query string. If I remove it or clear the browser memory for authorization.cerner.com, the authentication works correctly.
Has anyone faced this issue before? Does Cerner support forceAuthn=true, or is there a specific requirement to use it?
Thanks in advance!



Request Method: GET
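
Added example, not part of the original post: a way to split a session-api redirect of the shape shown above into its outer parameters and the nested authorize request, so it is clear which layer forceAuthn sits on and which scope contexts are being requested. The sample URL is constructed with placeholder tenant, launch, state, client and redirect values; splitLaunchUrl and buildSample are hypothetical names.

```javascript
// Split a session-api redirect into outer params and the nested authorize request.
function splitLaunchUrl(urlString) {
  const outer = new URL(urlString);
  const to = outer.searchParams.get("to"); // URLSearchParams decodes one layer
  if (!to) throw new Error("no 'to' parameter: not a session-api redirect of this shape");
  const inner = new URL(to);

  // Everything beside 'to' belongs to the session-api request itself.
  const outerParams = {};
  for (const [k, v] of outer.searchParams) if (k !== "to") outerParams[k] = v;

  // Parameters of the wrapped OAuth2 authorize request (second decoding layer).
  const innerParams = Object.fromEntries(inner.searchParams);
  const scopes = (innerParams.scope || "").split(/\s+/).filter(Boolean);
  delete innerParams.scope;

  // Group scopes by context prefix: patient/, user/, system/, or none (launch, openid, ...).
  const byContext = {};
  for (const s of scopes) {
    const ctx = s.includes("/") ? s.split("/")[0] : "(none)";
    (byContext[ctx] = byContext[ctx] || []).push(s);
  }
  return { outerPath: outer.pathname, outerParams,
           innerPath: inner.pathname, innerParams, scopes: byContext };
}

// Constructed sample with the same nesting as the URL in the post (placeholders throughout).
function buildSample() {
  const tenant = "00000000-0000-0000-0000-000000000000"; // placeholder tenant id
  const inner = new URL("https://authorization.cerner.com/tenants/" + tenant +
    "/protocols/oauth2/profiles/smart-v1/personas/provider/authorize");
  inner.searchParams.set("aud", "https://fhir-ehr-code.cerner.com/r4/" + tenant);
  inner.searchParams.set("scope",
    "launch openid fhirUser patient/Patient.read user/Observation.read system/Patient.read");
  inner.searchParams.set("response_type", "code");
  inner.searchParams.set("launch", "LAUNCH-PLACEHOLDER");
  inner.searchParams.set("redirect_uri", "https://app.example/launch/auth");
  inner.searchParams.set("state", "STATE-PLACEHOLDER");
  inner.searchParams.set("client_id", "CLIENT-ID-PLACEHOLDER");
  const outer = new URL("https://authorization.cerner.com/session-api/realm/" + tenant);
  outer.searchParams.set("to", inner.toString());
  outer.searchParams.set("forceAuthn", "true");
  return outer.toString();
}

const report = splitLaunchUrl(buildSample());
console.log(JSON.stringify(report, null, 2));
```

Pasting the real URL from the browser's address bar into splitLaunchUrl gives the same breakdown for the failing request.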