Skip to Main Content
Forums

SMART Launch

Announcement

For information related to the Oracle Partner Network (OPN) Industry Healthcare Track please visit our OPN Industry Healthcare Program page.

For specific questions related to Oracle Partner Network (OPN), please contact Partner Assistance.

Millennium FHIR and non-FHIR API Specifications and Supporting Documents can be found HERE on docs.oracle.com
Soarian FHIR API Specifications and Supporting Documents can be found HERE on docs.oracle.com.

SMART Launch – Sandbox invalid-redirect-uri and Production unauthorized-client-for-tenant

Urvashi MurariMar 4 2026 — edited Mar 4 2026

Workflow or API calls:

Reminder: If this is referring to a client domain or EHR activity—not the public sandbox—do not include API request data or live patient data.

Hi,
We are implementing a SMART on FHIR Provider application (Authorization Code flow, R4).
We are getting two different errors-
Sandbox fails with redirect mismatch.
Production fails with unauthorized-client-for-tenant.

Testing is being performed via:

  • Code Console “Test Sandbox”

  • Hospital Production and MOCK domain

    Issue 1 – (Code Console Test and Hospital MOCK domain Testing)

When using the Test Sandbox button and also testing from hospitals's MOCK domain(here using hospital's non prod tenant ID), we receive:

urn:cerner:error:authorization-server:oauth2:grant:invalid-redirect-uri

The redirect URI configured in Code Console is exactly what is being sent in the authorization request.

Question:
Do Code Console redirect URI updates automatically apply to the Sandbox and Prod region of Hospital domains, or does Sandbox require manual refresh(I read this somewhere in your previous posts that update in redirect URI in code console only apply to the production region. The sandbox / non-prod region requires a manual refresh to reflect updated Redirect URI changes. ?) We have raised a SR to manually refresh SANDBOX/non prod application.

AND ISSUE 2- IN PROD TENANT
When launching against the hospital PROD tenant ID, we do not receive the invalid-redirect-uri error.

Instead, we receive: that APP is not whitelisted. The error message indicates that the application is not enabled/whitelisted for that tenant. However, the hospital has confirmed that the application is whitelisted in their system.

Questions:

  1. Does unauthorized-client-for-tenant strictly indicate a tenant-level enablement issue?
  2. Is additional activation required beyond Code Console registration?
  3. How can we verify whether a Client ID is fully enabled for a specific Millennium tenant in PROD?

AND THIRD QUESTION-
When using the Code Console “Test Sandbox” button:

  • Which environment/region is actually being hit?

    • Public Sandbox region?
    • Production region?
    • A separate sandbox region tied to the client?

  • Does the Test Sandbox flow use the public sandbox tenant exclusively, or does it reflect client-specific sandbox/non-prod configurations?

    Would appreciate your help here. Thank you.
Comments
Post Details
Added on Mar 4 2026
6 comments
689 views
1 mention