
SMART Authorization


Invalid Scope for System Client Credentials

Jay Gustafson, May 8 2025 — edited May 8 2025

Workflow or API calls:

Reminder: If this is referring to a client domain or EHR activity—not the public sandbox—do not include API request data or live patient data.

Background Information:

Failure to provide answers will impact our ability to respond in a timely and effective manner
Developer questions:

Are you an OPN Member? Yes
Have you signed up to be in the Healthcare Developer Track? IDK
Are you a registered Code Program member? Yes
Does your App have a presence on the Oracle Healthcare App Marketplace? No

Are you developing on behalf of an Oracle Health client?
If so, which client:

Application's Client ID and App ID, if relevant:

Application ID: 45b4405e-a2c1-4d09-8bb5-b1935d5d50de

Client ID: a6e39ddf-46df-4a43-8f6f-e3263bbc28a6

Expected Result: Valid token

POST https://authorization.cerner.com/tenants/ec2458f2-1e24-41c8-b71b-0e701af7583d/protocols/oauth2/profiles/smart-v1/token
Content-Type: application/x-www-form-urlencoded
Accept: application/json
Authorization: Basic #REDACTED#
User-Agent: PostmanRuntime/7.43.4
Cache-Control: no-cache
Postman-Token: f6ea5555-6e05-41f6-8ba9-879fc6130978
Host: authorization.cerner.com
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Content-Length: 110
Cookie: #REDACTED#

grant_type=client_credentials&scope=system%2FObservation.read%20system%2FPatient.read%20system%2FPatient.write

Actual Result:

HTTP/1.1 400 Bad Request
Date: Thu, 08 May 2025 14:21:30 GMT
Content-Type: application/json;charset=UTF-8
Content-Length: 290
Connection: keep-alive
Set-Cookie: #REDACTED#
Set-Cookie: #REDACTED#
Expect-CT: enforce, max-age=30
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: OPTIONS, POST
Access-Control-Allow-Headers: Content-Type, Authorization, Accept, Cerner-Correlation-Id
Cache-Control: no-store
Pragma: no-cache
Cerner-Correlation-ID: dfab6c0b-8309-4017-b187-6090f329e706
Server: cloud_authorization_server1

{"error":"invalid_scope","error_uri":"https://authorization.cerner.com/errors/urn%3Acerner%3Aerror%3Aauthorization-server%3Aoauth2%3Atoken%3Aempty-scopes/instances/dfab6c0b-8309-4017-b187-6090f329e706?client=a6e39ddf-46df-4a43-8f6f-e3263bbc28a6&tenant=ec2458f2-1e24-41c8-b71b-0e701af7583d"}

This post has been answered by Alex Duhanov-Oracle on May 8 2025
Added on May 8 2025
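The `error_uri` in the response above percent-encodes a URN that is more specific than the top-level `invalid_scope` code, and its instance ID can be checked against the `Cerner-Correlation-ID` header. The following is an added example, not part of the original post and not Oracle's code: it decodes the posted request body and error response into the fields worth quoting in a support ticket. The function names `requested_scopes` and `diagnose_token_error` are hypothetical, and the `/errors/<urn>/instances/<id>` path layout is assumed from this one response.

```python
import json
from urllib.parse import parse_qs, unquote, urlsplit

# Values copied from the request and response in the post above.
REQUEST_BODY = ("grant_type=client_credentials&scope=system%2FObservation.read"
                "%20system%2FPatient.read%20system%2FPatient.write")
RESPONSE_BODY = json.dumps({
    "error": "invalid_scope",
    "error_uri": "https://authorization.cerner.com/errors/"
                 "urn%3Acerner%3Aerror%3Aauthorization-server%3Aoauth2%3Atoken%3Aempty-scopes"
                 "/instances/dfab6c0b-8309-4017-b187-6090f329e706"
                 "?client=a6e39ddf-46df-4a43-8f6f-e3263bbc28a6"
                 "&tenant=ec2458f2-1e24-41c8-b71b-0e701af7583d",
})
CORRELATION_ID = "dfab6c0b-8309-4017-b187-6090f329e706"  # Cerner-Correlation-ID header


def requested_scopes(form_body):
    """Return the scopes a token request asked for, percent-decoded."""
    fields = parse_qs(form_body, keep_blank_values=True)
    return fields.get("scope", [""])[0].split()


def diagnose_token_error(response_body, correlation_id=None):
    """Break an OAuth2 error response into its URN, instance, client and tenant."""
    body = json.loads(response_body)
    parts = urlsplit(body.get("error_uri") or "")
    # Split the raw path first, then decode each segment, so an encoded "/"
    # inside a segment cannot shift the segment positions.
    segments = [unquote(s) for s in parts.path.split("/") if s]
    query = parse_qs(parts.query)

    def after(marker):
        # Path segment that follows `marker`, or None if the marker is absent.
        if marker in segments[:-1]:
            return segments[segments.index(marker) + 1]
        return None

    urn, instance = after("errors"), after("instances")
    return {
        "error": body.get("error"),
        "urn": urn,
        "reason": urn.rsplit(":", 1)[-1] if urn else None,
        "instance": instance,
        "client": query.get("client", [None])[0],
        "tenant": query.get("tenant", [None])[0],
        "correlation_matches": correlation_id is not None and instance == correlation_id,
    }
```

Only the response body and the correlation ID are needed as input; the `Authorization` and `Cookie` header values stay out of anything that gets logged or posted.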