microsoft/fhir-server

AADSTS9002325: Proof Key for Code Exchange is required for cross-origin authorization code redemption.

calvinShan opened this issue · 8 comments

Hi,

I downloaded the SMART application on my PC locally, and I am trying to use the local SMART application to connect to the FHIR service.
The SPA redirect URI is http://localhost:5000/sampleapp/index.html, which is exposed locally.

I just tried the test with your doc: https://learn.microsoft.com/en-au/azure/healthcare-apis/fhir/smart-on-fhir
Cross-origin is enabled and well configured in the FHIR server based on the doc.

Here are the errors:
Scenario 1: App error: AADSTS9002325: Proof Key for Code Exchange is required for cross-origin authorization code redemption.
When I use the SPA authentication:

Scenario 2: App error:
When I use the Web authentication: when I tried the web platform registration, I encountered another error. I believe using a single-page application for authentication is the recommended approach.

So how do we resolve this problem when we use SPA authentication?

Regards,

@calvinShan - are you using SMART on FHIR proxy or SMART on FHIR (enhanced)? Reference: https://learn.microsoft.com/en-us/azure/healthcare-apis/fhir/smart-on-fhir

@calvinShan issue will be closed with no response in a week

Hello, I use SMART on FHIR, downloading the aspnet app and setting up the app registration clientID/clientSecret. I think the problem is about the authentication mode of the app registration. I tried both WEB and SPA modes; neither of them worked.

regards

Hi @calvinShan - we'll take a look at the issue and get back to you!

Hi @calvinShan - we need some more information in order to investigate the issue. We currently have two different versions of SMART on FHIR (please see https://learn.microsoft.com/en-us/azure/healthcare-apis/fhir/smart-on-fhir). SMART on FHIR proxy (https://learn.microsoft.com/en-us/azure/healthcare-apis/fhir/smart-on-fhir#smart-on-fhir-proxy) is turned on using Azure Portal and is being deprecated. SMART on FHIR (enhanced) is the new option and available from samples (https://github.com/Azure-Samples/azure-health-data-and-ai-samples/tree/main/samples/smartonfhir).

The SPA redirect-URI that you referenced "http://localhost:5000/sampleapp/index.html" is specific to SMART on FHIR Proxy. Please confirm if you are using SMART on FHIR Proxy or SMART on FHIR (Enhanced)? Additionally, are you using the OSS FHIR server (https://github.com/microsoft/fhir-server), or the managed service FHIR server (https://learn.microsoft.com/en-us/azure/healthcare-apis/fhir/overview)?

Hi @calvinShan - can you help answer the above questions?

Hello, I used the FHIR for proxy application and the managed service FHIR server. I just downloaded the app and followed the commands to run the app.

Regards

Hi @calvinShan, thanks for the info. SMART on FHIR proxy is a legacy option. We suggest you adopt SMART on FHIR (Enhanced). SMART on FHIR (Enhanced) can be found here: https://github.com/Azure-Samples/azure-health-data-and-ai-samples/tree/main/samples/smartonfhir-oncg10-consolidated . Let me know if you still get this issue on the new SMART on FHIR Enhanced!
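
The error in the issue title refers to PKCE (RFC 7636), which Microsoft Entra ID requires when a redirect URI registered as a single-page application redeems the authorization code from the browser. The following is an added example, not code from this thread or from the SMART on FHIR sample app; the client ID is a placeholder and the function names are hypothetical.

```javascript
// Added example: PKCE (RFC 7636) values for an authorization-code flow in a browser SPA.
// CLIENT_ID is a placeholder and all function names are hypothetical.
const CLIENT_ID = "00000000-0000-0000-0000-000000000000";
const REDIRECT_URI = "http://localhost:5000/sampleapp/index.html"; // from the issue

async function getCrypto() {
  // Web Crypto is global in browsers and recent Node; older Node needs the import.
  return globalThis.crypto ?? (await import("node:crypto")).webcrypto;
}

function base64url(bytes) {
  let s = "";
  for (const b of bytes) s += String.fromCharCode(b);
  return btoa(s).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
}

// 32 random bytes -> 43-character verifier; it stays in the client until redemption.
async function newVerifier() {
  return base64url((await getCrypto()).getRandomValues(new Uint8Array(32)));
}

// code_challenge = BASE64URL(SHA-256(ASCII(code_verifier)))
async function challengeFor(verifier) {
  const data = new TextEncoder().encode(verifier);
  const digest = await (await getCrypto()).subtle.digest("SHA-256", data);
  return base64url(new Uint8Array(digest));
}

// Step 1: query for the /authorize redirect. Only the challenge is sent here.
async function authorizeParams(verifier, state) {
  return new URLSearchParams({
    response_type: "code", client_id: CLIENT_ID, redirect_uri: REDIRECT_URI, state,
    code_challenge: await challengeFor(verifier), code_challenge_method: "S256",
  }); // scope and other request parameters omitted
}

// Step 2: body of the cross-origin POST to the token endpoint.
function tokenParams(code, verifier) {
  return new URLSearchParams({
    grant_type: "authorization_code", client_id: CLIENT_ID, redirect_uri: REDIRECT_URI,
    code, code_verifier: verifier,
  });
}

// The check the authorization server applies when the code is redeemed.
async function serverAccepts(storedChallenge, presentedVerifier) {
  return (await challengeFor(presentedVerifier)) === storedChallenge;
}
```

A token request that omits `code_verifier`, or presents one that does not hash to the challenge sent in step 1, is rejected at redemption.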