403 - Authorization Error - OAuth2.0 - Access Token - Azure Api For Fhir

此生再无相见时 提交于 2020-04-30 06:37:47

问题


I have deployed and configured Azure API for FHIR using this link - https://docs.microsoft.com/en-gb/azure/healthcare-apis/tutorial-web-app-fhir-server

Using postman i am able to successfully insert a patient information into fhir-server.

To automate it I am using python and client service flow.

   def get_access_token(self):

        token_url = 'https://login.microsoftonline.com/{}/oauth2/v2.0/token'.format(azure_app_tenant_id)

        token_data = {
        'grant_type': 'client_credentials',
        'client_id': azure_app_client_id,
        'client_secret': azure_app_client_secret,
        'scope': fhir_endpoint_url + "/.default",

        }

        token_r = requests.post(token_url, data=token_data)

        log.info("Retrieving Access Token")
        if token_r.status_code == 200:
            log.info("Access Token Retrieved Successfully")
        else:
            raise Exception("Error retrieving access token")

        print(token_r.json()["access_token"])
        return token_r.json()["access_token"]

i am able to get an access token using get_access_token. However, when i use the access_token and insert patient record, its throwing Authorization Failed - 403 error.

    def insert_patient_record(self, payload):
        log.info("Inserting Patient Record")
        headers = {
            'Authorization': 'Bearer {}'.format(self.get_access_token()),
            'Content-Type': 'application/json'
        }

        response = requests.request("POST", fhir_endpoint_url, headers=headers, data=payload)
        print("Response Code: ", response.status_code)
        if response.status_code == 200:
            log.info("Patient Record inserted Successfully")
        else:
            print("Response Text: ", response.text)
            raise Exception("Error inserting patient record")

Response Text:  {"resourceType":"OperationOutcome","id":"24515888da8e954da1e763d96193155b","issue":[{"severity":"error","code":"forbidden","diagnostics":"Authorization failed."}]}

Note: In FHIR-Server Authentication section, i have added the Object ID of the Registered APP which i earlier created in ADD.


回答1:


It looks like you have not added the (correct) object id of the registered application. Importantly, the application registration has an object id, but so does the service principal. It is the application id for the service principal you are looking for.

Check instructions here:

https://docs.microsoft.com/en-us/azure/healthcare-apis/find-identity-object-ids

You can find it the service principal object id with PowerShell:

$(Get-AzureADServicePrincipal -Filter "AppId eq 'XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX'").ObjectId

or the Azure CLI:

az ad sp show --id XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX | jq -r .objectId

I would also recommend pasting your token into something like https://jwt.ms and look at the oid claim. Is that the object id you added?



来源:https://stackoverflow.com/questions/61323003/403-authorization-error-oauth2-0-access-token-azure-api-for-fhir

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!