Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

With Postman #96

Open
vikram002 opened this issue Nov 15, 2022 · 6 comments
Open

With Postman #96

vikram002 opened this issue Nov 15, 2022 · 6 comments

Comments

@vikram002
Copy link

vikram002 commented Nov 15, 2022
edited
Loading

  1. What value should the client Id and Scope be while calling the graphir from Postman.
  2. Even after receiving the token with the user details from Azure AD; there is still Msal exception being thrown while triggering the request from the Banana POP Ui with valid token values.
@nirzaf
Copy link
Contributor

nirzaf commented Nov 15, 2022
edited
Loading

Client Id should be the App Registration's client Id [Not registered for Client app] and the scope should be {Your FHIR Base URL}/user_impersonation, you can define your own scope instead of user_impersonation.

Make sure you have defined the audience properly

@vikram002
Copy link
Author

vikram002 commented Nov 15, 2022
edited
Loading

App Registration complete.
Client App Registration complete.

Postman setup done accordingly; which is mentioned here. Added client id(App registration) .
I get the token now ; however when I pass the same from the Banana Pop UI settings and hit run ; it throws MSAL exception.

IDW10502: An MsalUiRequiredException was thrown due to a challenge for the user. See https://aka.ms/ms-id-web/ca_incremental-consent. ",

The token that I receive has user info but scope of only "scp": "User.Read",. It should have additional values in here right? Where is the miss?

@nirzaf
Copy link
Contributor

nirzaf commented Nov 17, 2022

Make sure you have defined your scope properly in your API permission under app registration to access the Azure Healthcare API
image

Is it working if you try to send a query directly from Postman instead of Bananacake Pop?

@vikram002
Copy link
Author

vikram002 commented Nov 17, 2022 via email

@vikram002
Copy link
Author

vikram002 commented Nov 17, 2022
edited
Loading

The token which is generated does not have the scope of the GraphAPI - user_impersonation. It only pulls the Microsoft.Graph scopes even after following all the steps mentioned in this repo.
Scope

@pjirsa
Copy link
Collaborator

pjirsa commented Dec 10, 2022

@vikram002 double check appsettings.json and make sure the FhirConnection section has the correct scope

"FhirConnection": {
    "BaseUrl": "https://chestist-fhir-api.azurehealthcareapis.com",
    "Scopes": "https://chestist-fhir-api.azurehealthcareapis.com/user_impersonation",
    "UseAuthentication": true,
    "ResultsLimit": "100"
  },

The scope MUST have the same root URL as your FHIR API.
Then, make sure that the app registration used in the AzureAD section includes permissions to "Azure Healthcare Apis" in the API permissions section.
image

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@pjirsa @vikram002 @nirzaf