Skip to Main Content
Forums

R4 APIs (Millennium)

Announcement

For information related to the Oracle Partner Network (OPN) Industry Healthcare Track please visit our OPN Industry Healthcare Program page.

For specific questions related to Oracle Partner Network (OPN), please contact Partner Assistance.

Millennium FHIR and non-FHIR API Specifications and Supporting Documents can be found HERE on docs.oracle.com
Soarian FHIR API Specifications and Supporting Documents can be found HERE on docs.oracle.com.

C1941 domain - code_challenge_methods_supported property not present

Michael TurmanMay 1 2025

In troubleshooting an Mpage launch issue with a customer, we found that the well-known/smart-configuration response differs in an important way between C1941 and client endpoints.

Client endpoints include a ‘code_challenge_methods_supported’ property in their response, where-as the C1941 domain's response does not.

This is causing our app launch to fail because the open source SMART-FHIR js library we use to perform our SMART auth sequence programmatically identifies the “code_challenge” property in the /smart-configuration response and adjusts its auth behavior accordingly. The problem is that our app is registered to use the SMART app launch v1 protocol, which does not use a PKCE code_challenge to authorize itself. This disconnect is causing the app launch to fail.

Further, because the C1941 domain does not include this property, we were not able to find this issue until the app was deployed to a customer AND we are not able to recreate the issue in the C1941 domain, making investigation and resolution much more difficult.

We are asking that the C1941 domain's /smart-configuration endpoint reflect the same properties as real client endpoints.

Workflow or API calls:

C1941: https://fhir-ehr-code.cerner.com/r4/ec2458f2-1e24-41c8-b71b-0e701af7583d/.well-known/smart-configuration

Client example: https://fhir-ehr.cerner.com/r4/e6f9b4bf-142e-47be-8246-33cebe5229b6/.well-known/smart-configuration

Background Information:
Developer questions:

Are you an OPN Member? Yes
Have you signed up to be in the Healthcare Developer Track? Yes
Are you a registered Code Program member? Yes
Does your App have a presence on the Oracle Healthcare App Marketplace? Yes

Are you developing on behalf of an Oracle Health client?
If so, which client: USC_CA

Application's Client ID and App ID, if relevant:

Expected Result:

The C1941 domain's .well-known/smart-configuration response matches that of client domains, including the presence of the code_challenge_methods_support property.

Actual Result:

The C1941 domain does not include the “code_challenge_methods_support” property in its .well-known/smart-configuration response.
Comments
Post Details
Added on May 1 2025
#authorization
6 comments
336 views
2 mentions