Azure FHIR Proxy using Postman - 401 Authentication failed.

thomas magami 21 Reputation points
2022-09-26T20:25:39.907+00:00

I have created an Azure API for FHIR server and added the MS open source SMART on FHIR proxy on it.
I followed every step of this doc. https://github.com/microsoft/fhir-proxy/blob/v2.0/docs/setup.md

I can successfully retrieve the capability statement for my FHIR server using a proxy URL (I don't want to expose my FHIR server).

I'm using Postman to retrieve the patient resource, but I'm getting a 401 error stating authentication failed.

I have a FHIR server named standalonetestingeastus2, a SMART client named sfp-proxy3237-smart4-client, and a proxy at sfp-proxy3237.azurewebsites.net.

I'm generating an access token using this information. In the auth URL I'm passing the Application ID of my client app sfp-proxy3237-smart4-client. (I also tried with the App ID of my proxy, still no luck.) I have added roles for my client app in the Azure FHIR server standalonetestingeastus2 (FHIR DATA CONTRIBUTOR). I added it for both the user and the app.
244886-image.png

When I retrieve the patient resource and use the access token generated with the above info, I'm getting a 401 error (Authentication failed). Note: for this request the body is empty.
244944-image.png

These are my two applications in the enterprise blade.

244952-image.png

These are the roles that I assigned in fhir server for my app and user.
244918-image.png

API Permissions for my client.(sfp-proxy3237-smart4-client)
244908-image.png

Scopes for the client.
244897-image.png

These are app roles for the client.
244961-image.png

API permission for proxy.
244888-image.png

Scopes for proxy
244879-image.png

App role for the proxy
244924-image.png

I've been trying this since last week and still no luck. I would really appreciate your help. Thanks in advance!

Azure Health Data Services
An Azure offering that provides a suite of purpose-built technologies for protected health information in the cloud.

1 answer

  1. Steve Ordahl 6 Reputation points Microsoft Employee
    2022-09-28T18:40:46.5+00:00

    Hey, I think your problem is that the wrong client is assigned the FHIR Contributor role on the FHIR Server. So from the IAM blade for the standalonetestingus2 FHIR server, remove the role assignment for sfp-proxy3237-smart4-client, then add the FHIR Data Contributor role to the sfp-proxy3237.azurewebsites.net function app principal. That should do it....

    There have also been several updates to the v2 branch, so make sure you pull the latest, follow the instructions in the script deployments, and use MSI; that should automatically add the data contributor role during installation.

    -Steve O.

    1 person found this answer helpful.
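
The role change described in the answer, written as Azure CLI commands wrapped in shell functions. This is an added example, not part of the original thread or the fhir-proxy project: the function names are hypothetical, and the resource group, function app name, client application ID and FHIR server resource ID are values the caller supplies. It resolves the proxy's managed identity first, so nothing is removed if the function app has no identity to receive the role.

```shell
# Added example (not from the thread or the fhir-proxy repo).
# Role name as used on the page's role assignment.
FHIR_ROLE="FHIR Data Contributor"

# Print the object ID of the function app's managed identity.
# Fails if the app has no identity enabled (empty principalId).
proxy_principal_id() {  # args: resource-group function-app-name
    pid=$(az functionapp identity show --resource-group "$1" --name "$2" \
            --query principalId --output tsv) || return 1
    [ -n "$pid" ] || { echo "no managed identity on $2" >&2; return 1; }
    printf '%s\n' "$pid"
}

# Remove the role from the SMART client app, then grant it to the proxy identity.
move_fhir_role() {  # args: resource-group function-app-name client-app-id fhir-resource-id
    rg=$1 app=$2 client_id=$3 scope=$4

    # Resolve the target principal before touching any existing assignment.
    pid=$(proxy_principal_id "$rg" "$app") || return 1

    az role assignment delete --assignee "$client_id" \
        --role "$FHIR_ROLE" --scope "$scope" || return 1

    az role assignment create --assignee-object-id "$pid" \
        --assignee-principal-type ServicePrincipal \
        --role "$FHIR_ROLE" --scope "$scope" || return 1

    # List what now holds roles on the FHIR server so the change can be confirmed.
    az role assignment list --scope "$scope" --output table
}

# Usage (placeholders, fill in your own values):
#   move_fhir_role <resource-group> <function-app-name> <client-app-id> <fhir-server-resource-id>
```

Role assignments can take a few minutes to propagate, so request a fresh token and retry the Postman call after a short wait.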