
SMART Authorization


DSTU2 to R4 migration of a provider app

Geoffrey Crawshaw, Jun 19 2025 (edited Jun 23 2025)

Workflow or API calls:

Background Information:

Our DSTU2 image upload app of type provider needs launch and redirect URLs to redirect the users to the upload page. We want to migrate it to R4. When we changed its sandbox config from DSTU2 to R4, the token URL endpoint stopped working and we cannot get an access token.

So we created another app of type System + R4, just to get the correct access token. We did the JWKS + JWT setup. Though we are getting the access token, the response of the token URL endpoint does not have patient info for us to follow through the rest of the workflow. The rest of the workflow includes accessing the /patient endpoint to get more patient info.

Questions:
Is creating another app of type System + R4, to get the access token, the right approach in this case?

If yes, how can we get the patient info in the response of the token URL?
If no, then please suggest how to migrate a DSTU2 provider app with launch and redirect URLs to R4.

Additional info:

Client ID of the System + R4 app: 66413f4a-82d7-4edb-8262-545dd4be4c64
App ID of the Systems + R4 app: 137f0260-cff7-4b5e-93f7-1402f6ee4ef8

Client ID of the Provider + DSTU2 app: 631d5cb7-b4ea-4780-bc01-d261f49a1b7c
App ID of the Systems + DSTU2 app: 5928ba47-f6f3-40c4-89a5-4212ca469274

Token URL for the R4 app: https://authorization.cerner.com/tenants/ec2458f2-1e24-41c8-b71b-0e701af7583d/hosts/fhir-ehr-code.cerner.com/protocols/oauth2/profiles/smart-v1/token

Sample response of the token URL for the R4 app:

{
"access_token": "eyJ6aXAiO...omtr871g",
"scope": "system\\/Patient.read",
"token_type": "Bearer",
"expires_in": 570
}

Token URL of the DSTU2 app: https://authorization.cerner.com/tenants/ec2458f2-1e24-41c8-b71b-0e701af7583d/hosts/api.cernermillennium.com/protocols/oauth2/profiles/smart-v1/token

Sample response of the token URL for the DSTU2 app:

{ 
'tenant' => 'ec2458f2-1e24-41c8-b71b-0e701af7583d', 
'patient' => '12724065', 
'user' => '12742069', 
'smart_style_url' => 'https://smart.cerner.com/styles/smart-v1.json', 
'token_type' => 'Bearer', 
'expires_in' => 570, 
'active_ttl' => 46799, 
'username' => 'portal', 
'id_token' => 'eyJraWQiO....2X6WUoZVw', 
'scope' => 'launch online_access openid patient/Patient.read profile', 
'access_token' => 'eyJ6aXAi....ZKp6mI7dYNCeKVD-vn_ypQ', 
'refresh_token' => 'eyJpZCI6IjNi...pZGVyIn0=', 
'need_patient_banner' => bless( do{\(my $o = 1)}, 'JSON::XS::Boolean' ), 
'encounter' => '97953483' 
}

Expected Result:

  1. Token URL response to include patient info along with the access token
  2. Access to /patient with the access token obtained from step 1.

Actual Result:

{
"access_token": "eyJ6aXAiO...omtr871g",
"scope": "system\\/Patient.read",
"token_type": "Bearer",
"expires_in": 570
}
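
As an added illustration (not part of the original post and not Oracle's code): a client-side check that tells a system-scoped token response, like the R4 one above, from a user-facing one that carries launch context, and that fails closed when the `patient` field is missing instead of continuing the workflow. The function names and the sample inputs are constructed here; field names follow the two responses quoted in the post.

```python
import json

# Context fields a provider (EHR-launch) app reads from the token response;
# names taken from the DSTU2 sample response quoted in the post.
CONTEXT_FIELDS = ("patient", "encounter", "user", "id_token", "refresh_token")

def parse_scopes(raw):
    """Split the scope string and undo the escaped slash seen in the R4 sample."""
    return [s.replace("\\/", "/") for s in raw.split()]

def classify_token_response(body):
    """Report scope style and launch context of a token response (JSON text)."""
    resp = json.loads(body)
    scopes = parse_scopes(resp.get("scope", ""))
    prefixes = {s.split("/", 1)[0] for s in scopes if "/" in s}
    if prefixes == {"system"}:
        kind = "system"        # backend client: no user, no launch context
    elif prefixes & {"patient", "user"}:
        kind = "user-facing"   # token issued on behalf of a signed-in user
    else:
        kind = "unknown"
    return {
        "kind": kind,
        "launch_requested": "launch" in scopes,
        "context": {f: resp[f] for f in CONTEXT_FIELDS if f in resp},
        "scopes": scopes,
    }

def require_patient_context(body):
    """Fail closed: return the patient id or raise, never guess a patient."""
    info = classify_token_response(body)
    patient = info["context"].get("patient")
    if not patient:
        raise ValueError(f"no patient context in {info['kind']} token response "
                         f"(scopes: {' '.join(info['scopes'])})")
    return patient

# Constructed samples shaped like the two responses quoted in the post
# (token values are placeholders, not real tokens).
R4_SYSTEM = json.dumps({"access_token": "PLACEHOLDER", "token_type": "Bearer",
                        "scope": "system\\/Patient.read", "expires_in": 570})
DSTU2_PROVIDER = json.dumps({
    "access_token": "PLACEHOLDER", "id_token": "PLACEHOLDER",
    "scope": "launch online_access openid patient/Patient.read profile",
    "patient": "12724065", "encounter": "97953483", "user": "12742069",
    "token_type": "Bearer", "expires_in": 570})
```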