SMART Authorization

Announcement

For information related to the Oracle Partner Network (OPN) Industry Healthcare Track please visit our OPN Industry Healthcare Program page.

For specific questions related to Oracle Partner Network (OPN), please contact Partner Assistance.

Millennium FHIR and non-FHIR API Specifications and Supporting Documents can be found HERE on docs.oracle.com.
Soarian FHIR API Specifications and Supporting Documents can be found HERE on docs.oracle.com.

CORS Error on .well-known/openid-configuration Blocking SSO Token Validation

Amarjeet bMay 2 2025

Hi Team,

We're encountering an issue with the .well-known/openid-configuration endpoint for our tenant:

https://authorization.cerner.com/tenants/ec2458f2-1e24-41c8-b71b-0e701af7583d/.well-known/openid-configuration

Our SSO flow via Auth0 completes successfully, and the user is redirected back with an ID token. However, when Auth0 attempts to validate the token by fetching the JWKS (as specified in the OpenID metadata), it runs into a CORS error, blocking access to the JWKS URI.

This prevents proper token signature validation and breaks our flow.

We confirmed the endpoint is accessible via browser, but when we tried to decode the token using jwt.io, we got an invalid signature, and it also ran into a CORS error. Could you please help us resolve this CORS restriction or advise on an alternative approach?

Thank you!

This post has been answered by Matthew Randall-Oracle on May 5 2025

Jump to Answer

Added on May 2 2025

#authorization, #authorization/provider-app, #authorization/sso, #fhir

8 comments

1,555 views

1 mention