Open datasmithtechgrp opened 4 weeks ago
Mac OS on client using Chrome
FHIR server is Smile CDR deployed on AWS
Unfortunately the IG only describes the latest and greatest version that implementers should aim at. In this case we cannot "require" the use of PKCE-related parameters before we know that we are dealing with a server that supports PKCE. In fact, we want the client to explicitly declare that it wants to use it. That said, what you can try is:
- pkceMode: "required" to your authorize call
- S256 in its code_challenge_methods_supported (https://build.fhir.org/ig/HL7/smart-app-launch/conformance.html)
Let me know if that helps.
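Added example, not code from this thread or from the client library: the two conditions named in the reply above (the client opting in with `pkceMode: "required"` and the server listing `S256` in `code_challenge_methods_supported`), followed through to a token request body that carries `code_verifier`. All function names are hypothetical, the S256 derivation follows RFC 7636, and treating any mode other than "required" as "no PKCE" is an assumption that mirrors the request logged in this issue.

```javascript
// Added example; function names are hypothetical, not the client library's API.
const crypto = require("node:crypto");

// RFC 7636 section 4.1: 32 random bytes, base64url-encoded, give a 43-char verifier.
function newCodeVerifier() {
  return crypto.randomBytes(32).toString("base64url");
}

// RFC 7636 section 4.2: code_challenge = BASE64URL(SHA256(ASCII(code_verifier))).
function pkceS256Challenge(verifier) {
  return crypto.createHash("sha256").update(verifier, "ascii").digest("base64url");
}

// True when the server's SMART configuration lists S256.
function serverSupportsS256(smartConfig) {
  const methods = smartConfig && smartConfig.code_challenge_methods_supported;
  return Array.isArray(methods) && methods.includes("S256");
}

// Authorize-time decision. Assumption: only "required" opts in to PKCE here.
// "required" fails closed instead of silently continuing without PKCE.
function planPkce(smartConfig, pkceMode) {
  if (pkceMode !== "required") return null; // token request will have no code_verifier
  if (!serverSupportsS256(smartConfig)) {
    throw new Error("pkceMode is 'required' but the server does not advertise S256");
  }
  const codeVerifier = newCodeVerifier(); // keep with the stored state until the redirect
  return { codeVerifier, codeChallenge: pkceS256Challenge(codeVerifier), codeChallengeMethod: "S256" };
}

// Token request body for a public client; code_verifier is added only if one was stored.
function buildTokenBody({ code, redirectUri, clientId, codeVerifier }) {
  const body = new URLSearchParams({
    code,
    grant_type: "authorization_code",
    redirect_uri: redirectUri,
    client_id: clientId,
  });
  if (codeVerifier) body.set("code_verifier", codeVerifier);
  return body.toString();
}
```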
Describe the bug
According to https://build.fhir.org/ig/HL7/smart-app-launch/app-launch.html#obtain-access-token, the following parameter is required
It was not present in the token request, and the request was rejected as BAD Request
To Reproduce
Followed standard FHIR authorization workflow to connect to our deployed FHIR server.
Steps to reproduce the behavior. A few things to consider including: server is closed
HIR:oauth2 key: Jw***
common.js:113 FHIR:oauth2 Removed code parameter from the url. +2s
common.js:113 FHIR:oauth2 Removed state parameter from the url. +0ms
common.js:113 FHIR:oauth2 Preparing to exchange the code for access token... +0ms
common.js:113 FHIR:oauth2 Public client detected; adding state.clientId to the POST body +1ms
common.js:113 FHIR:oauth2 Token request options:
body : "code=b7d**&grant_type=authorization_code&redirect_uri=http%3A%2F%2Flocalhost%3A4200%2Fredirect&client_id=patient-summary-ap
Expected behavior
As per specifications, the code_verifier parameter should have been present in the request