
SMART Authorization


CORS error using the Test Sandbox - Millennium

Peter DeSimone, Jun 20 2024 — edited Jun 25 2024

Workflow or API calls:

We had an existing SMART on FHIR implementation for a different EHR. So I pointed the Code Console test app to an internal site (behind a firewall) and the existing FHIR page. I encountered a CORS error.

I don't see anything in your docs to help mitigate a CORS situation when I want the EMR to launch my app and perform the FHIR handshake. (In my case, we use MRN, but that is a problem for later.)

Chrome console responds with: 406 Not Acceptable.

This is a .NET 4.8 web application, and I updated the app to allow CORS:

(web.config - CORS change that didn't help.)
<add name="Access-Control-Allow-Origin" value="*"/>
<add name="Access-Control-Allow-Headers" value="Content-Type"/>
<add name="Access-Control-Allow-Methods" value="GET, OPTIONS" />

(Browser error/CORS)
Access to fetch at 'https://authorization.cerner.com/tenants/ec2458f2-1e24-41c8-b71b-0e701af7583d/protocols/oauth2/profiles/smart-v1/personas/patient/authorize?scope=launch&response_type=code&redirect_uri=https%3A%2F%2Fmyapp.company.com%3A4443%2Fhome%2Fepic&client_id=fb7873cc-6e06-4a4b-87e1-aa4c1bf23692&launch=dc529af3-d5ca-4198-bc79-baf72dc4ba44&aud=https%3A%2F%2Ffhir-myrecord.cerner.com%2Fr4%2Fec2458f2-1e24-41c8-b71b-0e701af7583d' from origin 'https://myapp.company.com:4443' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

(App Logs)

fetching from: https://fhir-myrecord.sandboxcerner.com/r4/dacc6494-e336-45ad-8729-b789ff8663c6/.well-known/smart-configuration
response received, authorization_endpoint = https://authorization.sandboxcerner.com/tenants/dacc6494-e336-45ad-8729-b789ff8663c6/protocols/oauth2/profiles/smart-v1/personas/patient/authorize
response received, token_endpoint = https://authorization.sandboxcerner.com/tenants/dacc6494-e336-45ad-8729-b789ff8663c6/protocols/oauth2/profiles/smart-v1/token
fetching from full_auth_url = https://authorization.sandboxcerner.com/tenants/dacc6494-e336-45ad-8729-b789ff8663c6/protocols/oauth2/profiles/smart-v1/personas/patient/authorize?scope=launch&response_type=code&redirect_uri=https%3A%2F%2Fmyapp.company.com%3A4443%2Fhome%2Fepic&client_id=fb7873cc-6e06-4a4b-87e1-aa4c1bf23692&launch=d2ecdb04-4d03-4d8f-a975-120020db3eac&aud=https%3A%2F%2Ffhir-myrecord.sandboxcerner.com%2Fr4%2Fdacc6494-e336-45ad-8729-b789ff8663c6

Expected Result:

Actual Result:

X-Request-Id / Cerner-Correlation-Id / opc-request-id:

This post has been answered by M Surya-Oracle on Aug 21 2024
Post Details
Added on Jun 20 2024
18 comments
542 views
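
The browser message in the post reads "Access to fetch at …/authorize", so the authorize URL was requested with fetch(); in the SMART App Launch flow the app instead sends the browser to that endpoint as a top-level navigation, and CORS response headers are set by the server being requested, not by the app's own web.config. The sketch below is an added example, not code from the original post or from Oracle; the function names, the injected `win`/`store` objects and the `smart_state` key are hypothetical, and it adds a `state` value that is checked on the callback.

```javascript
// Added example. buildAuthorizeUrl, beginLaunch and checkCallback are hypothetical names.
// The authorize endpoint is an interactive page on another origin: navigate to it,
// do not fetch() it. Only the discovery document is read with fetch().

function newState() {
  // Unguessable value that ties the callback to this browser session.
  const bytes = globalThis.crypto.getRandomValues(new Uint8Array(16));
  return Array.from(bytes, (b) => b.toString(16).padStart(2, "0")).join("");
}

function buildAuthorizeUrl(smartConfig, app, launch, iss, state) {
  const url = new URL(smartConfig.authorization_endpoint);
  if (url.protocol !== "https:") throw new Error("authorization_endpoint must be https");
  url.search = new URLSearchParams({
    response_type: "code",
    client_id: app.clientId,
    redirect_uri: app.redirectUri,
    scope: app.scope,
    launch,     // opaque launch context handed over by the EHR
    aud: iss,   // FHIR base URL the token is requested for
    state,
  }).toString();
  return url.toString();
}

// win is `window` and store is `sessionStorage` in a browser (injected so it can be tested).
function beginLaunch(win, store, smartConfig, app, state = newState()) {
  const q = new URL(win.location.href).searchParams;
  const iss = q.get("iss");
  const launch = q.get("launch");
  if (!iss || !launch) throw new Error("EHR launch requires iss and launch");
  store.setItem("smart_state", state);
  const target = buildAuthorizeUrl(smartConfig, app, launch, iss, state);
  win.location.assign(target); // top-level navigation, so no CORS check applies
  return target;
}

// Runs on the redirect_uri page: accept the code only if state matches, and only once.
function checkCallback(callbackUrl, store) {
  const q = new URL(callbackUrl).searchParams;
  const expected = store.getItem("smart_state");
  store.removeItem("smart_state");
  if (!expected || q.get("state") !== expected) throw new Error("state mismatch");
  if (q.get("error")) throw new Error("authorization failed: " + q.get("error"));
  return q.get("code");
}
```
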