In attempting to upgrade from 0.5.0, I started receiving a 401 Unauthorized Exception when executing a plan definition. After debugging, I found that the fhirAuthorization clause specified by CDS Hooks (https://cds-hooks.hl7.org/ballots/2018May/specification/1.0/#fhir-resource-access) is no longer forming a proper request to the EHR. The hook request used to have the following format:
"fhirAuthorization": {
"access_token": "blah",
"token_type": "Bearer",
"expires_in": 300,
"scope": "patient/*.read",
"subject": "cds-service4"
}
Through a lot of trial and error, I eventually found I could modify the hook request like this and it would properly authenticate:
"fhirAuthorization": {
"access_token": "Bearer blah",
"token_type": "Authorization",
"expires_in": 300,
"scope": "patient/*.read",
"subject": "cds-service4"
}
This does not match the 1.0 or current draft specification for CDS Hooks. If CQF Ruler requires a different syntax, can you add documentation somewhere? This is unexpected.
In attempting to upgrade from 0.5.0, I started receiving a 401 Unauthorized Exception when executing a plan definition. After debugging, I found that the fhirAuthorization clause specified by CDS Hooks (https://cds-hooks.hl7.org/ballots/2018May/specification/1.0/#fhir-resource-access) is no longer forming a proper request to the EHR. The hook request used to have the following format:
Through a lot of trial and error, I eventually found I could modify the hook request like this and it would properly authenticate:
This does not match the 1.0 or current draft specification for CDS Hooks. If CQF Ruler requires a different syntax, can you add documentation somewhere? This is unexpected.