Skip to Main Content
Forums

SMART Authorization

Announcement

For information related to the Oracle Partner Network (OPN) Industry Healthcare Track please visit our OPN Industry Healthcare Program page.

For specific questions related to Oracle Partner Network (OPN), please contact Partner Assistance.

Millennium FHIR and non-FHIR API Specifications and Supporting Documents can be found HERE on docs.oracle.com
Soarian FHIR API Specifications and Supporting Documents can be found HERE on docs.oracle.com.

Invalid Client Response for JWT Sandbox Auth Request

Barry SnowSep 25 2025

Workflow or API calls:

Reminder: If this is referring to a client domain or EHR activity—not the public sandbox—do not include API request data or live patient data.

Background Information:

Failure to provide answers will impact our ability to respond in a timely and effective manner
Developer questions:

Are you an OPN Member? No
Have you signed up to be in the Healthcare Developer Track? No
Are you a registered Code Program member? Yes
Does your App have a presence on the Oracle Healthcare App Marketplace? No

Are you developing on behalf of an Oracle Health client?
If so, which client: No

Application's Client ID and App ID, if relevant:

Application ID: 6d32544e-5735-4603-a3b7-82ae2215136c

Client ID: c7221076-42cd-4ab1-9009-e6d791f983e8

Expected Result:

A successful response token

Actual Result:

{"error":"invalid_client","error_uri":"https://authorization.cerner.com/errors/urn%3Acerner%3Aerror%3Aauthorization-server%3Aclient-assertion%3Ajwt-bearer%3Ainvalid-signature/instances/3e3c1707-505b-4bd8-916f-6001ba7a8366?client=c7221076-42cd-4ab1-9009-e6d791f983e8&tenant=ec2458f2-1e24-41c8-b71b-0e701af7583d"}

Date/time of the example: "2025-09-25T11:35:48.591122-06:00"

I sent this as the request form:

client_assertion=eyJhbGciOiJSUzI1NiIsImtpZCI6ImNlcm5lci1rZXktMSIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJodHRwczovL2F1dGhvcml6YXRpb24uY2VybmVyLmNvbS90ZW5hbnRzL2VjMjQ1OGYyLTFlMjQtNDFjOC1iNzFiLTBlNzAxYWY3NTgzZC9wcm90b2NvbHMvb2F1dGgyL3Byb2ZpbGVzL3NtYXJ0LXYxL3Rva2VuIiwiZXhwIjoxNzU4ODIyOTIwLCJpYXQiOjE3NTg4MjI3NDAsImlzcyI6ImM3MjIxMDc2LTQyY2QtNGFiMS05MDA5LWU2ZDc5MWY5ODNlOCIsImp0aSI6IjE3NTg4MjI3NDA1NTQ4NzEwMDAiLCJzdWIiOiJjNzIyMTA3Ni00MmNkLTRhYjEtOTAwOS1lNmQ3OTFmOTgzZTgifQ.XrWMgVSsG7LwDhDE9RmVIArtuoVZgvAoAvqTMOyi9wlPvYbHX6jyvdlUyuP7BSdfhqYtrgsxDyFfEGjdXgfm1e0syvQh5FR2GpZ1VgBktooF84-W9qWWQDqW4eUylfN3jsv_FHPjX6AVptqU0VR88fWUzceH6-x7ecB-MOpjtGmAJaEHObgZA1ymcT3LneV-Rehw6qa02RC8WYdfnXTiVDOy1RthlsGP9zDIL8L1XCfOF7BFBqwSMddIjcUvHuCnlRiyAVRp8BlwDb8EvlUYU4ISF8_GDiK511enwF4Y2WoxEEinqFmJQqZ0KDBJpa6X-LK8aW5Wp6qlV7Qzhdnb3w&client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer&grant_type=client_credentials&scope=system%2FPatient.read

To this url: tokenURL = "https://authorization.cerner.com/tenants/ec2458f2-1e24-41c8-b71b-0e701af7583d/protocols/oauth2/profiles/smart-v1/token"

I am trying to do the sandbox jwt auth.
This post has been answered by Matthew Beermann-Oracle on Sep 25 2025
Jump to Answer
Comments
Post Details
Added on Sep 25 2025
#authorization
11 comments
118 views
1 mention