Workflow or API calls:
curl 'https://authorization.cerner.com/tenants/ec2458f2-1e24-41c8-b71b-0e701af7583d/protocols/oauth2/profiles/smart-v1/token' \
-H 'Accept: application/json' \
-H 'Content-Type: application/x-www-form-urlencoded' \
-d 'grant_type=client_credentials' \
-d 'scope=user%2FDiagnosticReport.write' \
-d 'client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer' \
-d 'client_assertion=<jwt_assertion>
Background Information:
Failure to provide answers will impact our ability to respond in a timely and effective manner
Developer questions:
Are you an OPN Member? No
Have you signed up to be in the Healthcare Developer Track? No
Are you a registered Code Program member? No
Does your App have a presence on the Oracle Healthcare App Marketplace? No
Are you developing on behalf of an Oracle Health client? No
Application ID
2de047f5-22f5-4fb9-abab-42fc19f93021
Client ID
ddc744a2-cd52-4bc9-a6d5-7caf0aaa882a
Analyzing the jwt in jwt.io results in:
Header:
{
"alg": "RS384",
"kid": "a9fd7d56-e475-4324-b7a0-d1ab3b8de704",
"typ": "JWT"
}
Payload:
{
"iss": "ddc744a2-cd52-4bc9-a6d5-7caf0aaa882a",
"sub": "ddc744a2-cd52-4bc9-a6d5-7caf0aaa882a",
"aud": "https://authorization.cerner.com/tenants/ec2458f2-1e24-41c8-b71b-0e701af7583d/protocols/oauth2/profiles/smart-v1/token",
"exp": 1750100638,
"jti": "2f895849-cb70-4508-bc5c-38cefc4d44cc",
"iat": 1750100338
}
The call was made well within the 5 minutes between ‘iat’ and ‘exp’, which both looks correct.
Expected Result:
HTTP code 200 and a token
Actual Result:
400 and
{
"error": "invalid\_client",
"error\_uri": "https://authorization.cerner.com/errors/urn%3Acerner%3Aerror%3Aauthorization-server%3Aclient-assertion%3Ajwt-bearer%3Aexpired/instances/83176d06-64ea-4527-b196-31b3a73dc1d3?client=ddc744a2-cd52-4bc9-a6d5-7caf0aaa882a&tenant=ec2458f2-1e24-41c8-b71b-0e701af7583d"
}