Skip to Main Content

SMART Authorization


For information related to the Oracle Partner Network (OPN) Industry Healthcare Track please visit our OPN Industry Healthcare Program page.

For specific questions related to Oracle Partner Network (OPN), please contact Partner Assistance.

How To Obtain First Refresh Token?

Jack ConleyDec 6 2023 — edited Dec 10 2023

Workflow or API calls:

I'm having some problems with retrieving an access token for the sandbox.

Initial Request:
'client_id': '{My_Client_ID}',
'redirect_uri': '',
'scope': 'openid online_access',
'iss': '{{ base_url }}',
'aud': '{{ base_url }}'

Base URL:

The authorization is approved, and I'm redirected to my URI with this ending:


I use this code to send a request to this endpoint when my URI is loaded:
@app.route('/store_cerner/<string:code>', methods=['POST'])
def store_cerner(code):
token_url = ""
client_id = "MY_CLIENT_ID"
client_secret = "MY_CLIENT_SECRET"

credentials = f"{client_id}:{client_secret}"
credentials_base64 = base64.b64encode(credentials.encode()).decode()

payload = {
"grant_type": "authorization_code",
"code": code,
'redirect_uri': 'my_uri',
"client_id": client_id

headers = {
"Content-Type": "application/x-www-form-urlencoded",
"Authorization": f"Basic {credentials_base64}",

response =, data=payload, headers=headers)
token_data = response.json()
access_token = token_data["access_token"]
refresh_token = token_data["refresh_token"]

   # Do more stuff

When I have my scopes set to openid online_access, I get an error: 401 - {"message":"code=\"urn:cerner:error:oauth2:resource-access:expired\", error=\"invalid_token\", error_description=\"Token has expired\"","code":401}

But when I use openid offline_access, I get the access token successfully, but not a refresh token. My question is, what is the process for retrieving the first refresh token, and how could I modify my code to achieve this?



Post Details
Added on Dec 6 2023