Skip to Main Content
Forums

SMART Launch

Announcement

For information related to the Oracle Partner Network (OPN) Industry Healthcare Track please visit our OPN Industry Healthcare Program page.

For specific questions related to Oracle Partner Network (OPN), please contact Partner Assistance.

Millennium FHIR and non-FHIR API Specifications and Supporting Documents can be found HERE on docs.oracle.com
Soarian FHIR API Specifications and Supporting Documents can be found HERE on docs.oracle.com.

Token scope missing "openid" scope and id_token

Denis Witanra4 hours ago

Workflow / API Calls

Reminder:
If this issue refers to a client domain or EHR activity (not the public sandbox), please do not include API request data or live patient data.

Background Information

Failure to provide complete answers may impact our ability to respond in a timely and effective manner.

Developer Issue Summary

We have an application registered in the Cerner Code Console Sandbox and are encountering an issue during a Test Sandbox OAuth flow.

Issue Description

When requesting a token from the sandbox authorization endpoint, the response is missing the **openid** scope, and as a result, the **id_token** is not being returned.

This issue only occurs in the sandbox environment. Calling the same endpoint via https://code-console.cerner.com/ returns the expected response.

Application Details

  • Application Name: SMART on FHIR Preprod
  • Application Owner: Press Ganey
  • Application ID: 161a34b7-5b89-4015-9f88-23287a51ee38
  • Client ID: a529ad11-02a4-4dae-9dcb-aeb877337e09

Authorization Endpoint Used

https://authorization.cerner.com/tenants/dacc6494-e336-45ad-8729-b789ff8663c6/protocols/oauth2/profiles/smart-v1/token

Observed Behavior (Sandbox)

The scope returned from the token endpoint is:

launch online_access
patient/Condition.read
patient/Encounter.read
patient/MedicationRequest.read
patient/Observation.read
patient/Patient.read
patient/Procedure.read
user/Organization.read
user/Patient.read
user/Practitioner.read

Issues:

  • openid scope is missing
  • id_token is not included in the response

Expected Behavior (Code Console / Non-Sandbox)

Calling the same endpoint from https://code-console.cerner.com/ returns the correct scope:

launch online_access openid
patient/Condition.read
patient/Encounter.read
patient/MedicationRequest.read
patient/Observation.read
patient/Patient.read
patient/Procedure.read
profile
user/Organization.read
user/Patient.read
user/Practitioner.read
  • openid scope is present
  • id_token is returned as expected

Expected Result

The sandbox response should include the same scopes as the Code Console response, specifically:

  • openid
  • profile
  • An id_token in the token response

Actual Result

The sandbox response is missing:

  • openid scope
  • id_token

Example Timestamp

  • Date / Time: 2026-04-01 22:05:19.440

Partner & Organization Information

  • Oracle Partner Network Member: Yes
  • Partner / Company Name: Press Ganey
  • Industry Healthcare Path Enrolled: No
  • Oracle Health Millennium Platform (OHMP) Environment Access Technical Accelerator: No

Oracle Health Client Development

  • Developing on behalf of an Oracle Health client? No
Comments
Post Details
Added 4 hours ago
0 comments
9 views