cloudfanatic-9332 asked OuryBa-MSFT commented

Authentication issue with Azure Healthcare API FHIR service

I deploy the HealthCare API and the FHIR service, which is under the HealthCare API service, with the following ARM template:

      {
          "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
          "contentVersion": "1.0.0.0",
          "parameters": {
              "authorityurl": {
                  "type": "string",
                  "defaultValue": "https://login.microsoftonline.com"
              },
              "tagName": {
                  "type": "string",
                  "defaultValue": "${id}-healthcareapi"
              },
              "region": {
                  "type": "string",
                  "defaultValue": "${props.region}"
              },
              "workspaceName": {
                  "type": "string",
                  "defaultValue": "${id}"
              },
              "fhirServiceName": {
                  "type": "string",
                  "defaultValue": "${id}fhir"
              },
              "tenantid": {
                  "type": "string",
                  "defaultValue": "${clientConfig.tenantId}"
              },
              "storageAccountName": {
                  "type": "string",
                  "defaultValue": "${id}workspace"
              },
              "storageAccountConfirm": {
                  "type": "bool",
                  "defaultValue": true
              },
              "AccessPolicies": {
                  "type": "array",
                  "defaultValue": []
              },
              "smartProxyEnabled": {
                  "type": "bool",
                  "defaultValue": false
              }
          },
          "variables": {
              "authority": "[Concat(parameters('authorityurl'), '/', parameters('tenantid'))]"
          },
          "resources": [{
                  "type": "Microsoft.HealthcareApis/workspaces",
                  "name": "[parameters('workspaceName')]",
                  "apiVersion": "2021-06-01-preview",
                  "location": "[parameters('region')]",
                  "properties": {}
              },
              {
                  "type": "Microsoft.HealthcareApis/workspaces/fhirservices",
                  "kind": "fhir-R4",
                  "name": "[concat(parameters('workspaceName'), '/', parameters('fhirServiceName'))]",
                  "apiVersion": "2021-06-01-preview",
                  "location": "[parameters('region')]",
                  "dependsOn": [
                      "[resourceId('Microsoft.HealthcareApis/workspaces', parameters('workspaceName'))]"
                  ],
                  "tags": {
                      "environmentName": "[parameters('tagName')]"
                  },
                  "properties": {
                      "accessPolicies": "[parameters('AccessPolicies')]",
                      "authenticationConfiguration": {
                          "authority": "[variables('Authority')]",
                          "audience": "[concat('https://', parameters('workspaceName'), '-', parameters('fhirServiceName'), '.fhir.azurehealthcareapis.com')]",
                          "smartProxyEnabled": "[parameters('smartProxyEnabled')]"
                      },
                      "corsConfiguration": {
                          "allowCredentials": false,
                          "headers": [],
                          "methods": [],
                          "origins": []
                      },
                      "exportConfiguration": {}
                  }
              }
          ],
          "outputs": {}
      }

Then I create a service principal that has the role assignment "FHIR Data Contributor" in the HealthCare API.

Then each time I try to work with the data, when I ping the FHIR from my local PC using the service principal credentials, I get the following error:

WWW-Authenticate: Bearer authorization_uri="https://login.microsoftonline.com/c43c6c83-55a3-49fa-8036-88d6a3484214", resource_id="https//verisdev-verisdevfhir.fhir.azurehealthcareapis.com", realm="https//verisdev-verisdevfhir.fhir.azurehealthcareapis.com", error="invalid_token", error_description="The audience 'https://verisdev-verisdevfhir.fhir.azurehealthcareapis.com' is invalid"

I am looking but can't figure out what the issue is. Any help?

azure-api-fhir azure-healthcare-apis

@cloudfanatic-9332 Thank you for posting your question on Microsoft Q&A and for using Azure Services.

You will need to assign an application role such as "FHIR Data Contributor" to the client app to access the FHIR service. Also, did you check if you are using a correct API?

Regards,
Oury


Hi @cloudfanatic-9332, checking if you were able to check your permission role. Are you still facing the same error?

Regards,
Oury


0 Answers
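
When the service answers with the `invalid_token` challenge quoted in the question, it helps to decode the `aud` and `tid` claims of the token that was actually sent and compare them with the audience the ARM template configures and the authority named in the challenge. The following is an added diagnostic example, not code from the post or from Microsoft: the function names are hypothetical, the tokens it is exercised with are constructed and unsigned, and the workspace and FHIR service names are assumed from the hostname in the error.

```python
import base64, json, re

# Header copied from the post; the tokens used with it are constructed and unsigned.
CHALLENGE = (
    'Bearer authorization_uri="https://login.microsoftonline.com/'
    'c43c6c83-55a3-49fa-8036-88d6a3484214", '
    'resource_id="https//verisdev-verisdevfhir.fhir.azurehealthcareapis.com", '
    'realm="https//verisdev-verisdevfhir.fhir.azurehealthcareapis.com", '
    'error="invalid_token", error_description="The audience '
    "'https://verisdev-verisdevfhir.fhir.azurehealthcareapis.com' is invalid\"")

def expected_audience(workspace, fhir_service):
    """Mirror the template's concat() for authenticationConfiguration.audience."""
    return f"https://{workspace}-{fhir_service}.fhir.azurehealthcareapis.com"

def parse_bearer_challenge(header):
    """Return the key="value" parameters of a Bearer challenge as a dict."""
    return dict(re.findall(r'(\w+)="([^"]*)"', header))

def jwt_claims(token):
    """Decode the payload segment only; the signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    seg = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(seg))

def diagnose(token, header, workspace, fhir_service):
    ch, claims = parse_bearer_challenge(header), jwt_claims(token)
    want = expected_audience(workspace, fhir_service)
    aud = claims.get("aud")
    auds = aud if isinstance(aud, list) else [aud]
    tenant = ch.get("authorization_uri", "").rstrip("/").rsplit("/", 1)[-1]
    rejected = re.search(r"audience '([^']*)'", ch.get("error_description", ""))
    return {
        "token_aud": auds,
        "configured_aud": want,
        "aud_exact": want in auds,
        # True when the only difference is letter case or a trailing slash
        "aud_loose": any(isinstance(a, str) and a.rstrip("/").lower() == want.lower() for a in auds),
        "tenant_match": claims.get("tid") == tenant,
        "rejected_aud": rejected.group(1) if rejected else None,
    }

def sample_token(claims):
    """Build a constructed, unsigned JWT-shaped string for exercising diagnose()."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f'{enc({"alg": "none"})}.{enc(claims)}.sig'
```

Use this only to inspect a token you already hold; it does not validate signatures and must not be used to make an authorization decision.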