Authentication issue with Azure Healthcare API FHIR service
I deploy the HealthCare API and the FHIR service, which is under the HealthCare API service, with the following ARM template:
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "authorityurl": {
      "type": "string",
      "defaultValue": "https://login.microsoftonline.com"
    },
    "tagName": {
      "type": "string",
      "defaultValue": "${id}-healthcareapi"
    },
    "region": {
      "type": "string",
      "defaultValue": "${props.region}"
    },
    "workspaceName": {
      "type": "string",
      "defaultValue": "${id}"
    },
    "fhirServiceName": {
      "type": "string",
      "defaultValue": "${id}fhir"
    },
    "tenantid": {
      "type": "string",
      "defaultValue": "${clientConfig.tenantId}"
    },
    "storageAccountName": {
      "type": "string",
      "defaultValue": "${id}workspace"
    },
    "storageAccountConfirm": {
      "type": "bool",
      "defaultValue": true
    },
    "AccessPolicies": {
      "type": "array",
      "defaultValue": []
    },
    "smartProxyEnabled": {
      "type": "bool",
      "defaultValue": false
    }
  },
  "variables": {
    "authority": "[Concat(parameters('authorityurl'), '/', parameters('tenantid'))]"
  },
  "resources": [
    {
      "type": "Microsoft.HealthcareApis/workspaces",
      "name": "[parameters('workspaceName')]",
      "apiVersion": "2021-06-01-preview",
      "location": "[parameters('region')]",
      "properties": {}
    },
    {
      "type": "Microsoft.HealthcareApis/workspaces/fhirservices",
      "kind": "fhir-R4",
      "name": "[concat(parameters('workspaceName'), '/', parameters('fhirServiceName'))]",
      "apiVersion": "2021-06-01-preview",
      "location": "[parameters('region')]",
      "dependsOn": [
        "[resourceId('Microsoft.HealthcareApis/workspaces', parameters('workspaceName'))]"
      ],
      "tags": {
        "environmentName": "[parameters('tagName')]"
      },
      "properties": {
        "accessPolicies": "[parameters('AccessPolicies')]",
        "authenticationConfiguration": {
          "authority": "[variables('Authority')]",
          "audience": "[concat('https://', parameters('workspaceName'), '-', parameters('fhirServiceName'), '.fhir.azurehealthcareapis.com')]",
          "smartProxyEnabled": "[parameters('smartProxyEnabled')]"
        },
        "corsConfiguration": {
          "allowCredentials": false,
          "headers": [],
          "methods": [],
          "origins": []
        },
        "exportConfiguration": {}
      }
    }
  ],
  "outputs": {}
}
Then I create a service principal that has the role assignment "FHIR Data Contributor" in the HealthCare API.
Then, each time I try to work with the data, when I ping the FHIR service from my local PC using the service principal credentials, I get the following error:
WWW-Authenticate: Bearer authorization_uri="https://login.microsoftonline.com/c43c6c83-55a3-49fa-8036-88d6a3484214", resource_id="https//verisdev-verisdevfhir.fhir.azurehealthcareapis.com", realm="https//verisdev-verisdevfhir.fhir.azurehealthcareapis.com", error="invalid_token", error_description="The audience 'https://verisdev-verisdevfhir.fhir.azurehealthcareapis.com' is invalid"
I have been looking but can't figure out what the issue is. Any help?
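
An added example, not part of the original post: Python that parses the WWW-Authenticate challenge quoted above and compares a token's aud claim, character for character, with the resource_id the service advertises. The challenge string is copied from the post; the token is constructed for the demonstration and all function names are hypothetical.

```python
import base64
import json
import re

# WWW-Authenticate value copied from the post above.
CHALLENGE = (
    'Bearer authorization_uri="https://login.microsoftonline.com/'
    'c43c6c83-55a3-49fa-8036-88d6a3484214", '
    'resource_id="https//verisdev-verisdevfhir.fhir.azurehealthcareapis.com", '
    'realm="https//verisdev-verisdevfhir.fhir.azurehealthcareapis.com", '
    'error="invalid_token", '
    'error_description="The audience '
    "'https://verisdev-verisdevfhir.fhir.azurehealthcareapis.com' is invalid\""
)

def parse_challenge(header):
    """Split a Bearer challenge into its scheme and key="value" parameters."""
    scheme, _, rest = header.partition(" ")
    return scheme, dict(re.findall(r'(\w+)="([^"]*)"', rest))

def jwt_audience(token):
    """Read the aud claim from a JWT payload without verifying the signature."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload)).get("aud")

def compare_audience(header, token):
    """Report whether the token's aud equals the advertised resource_id."""
    _, params = parse_challenge(header)
    rejected = re.search(r"audience '([^']*)'", params.get("error_description", ""))
    aud = jwt_audience(token)
    return {
        "error": params.get("error"),
        "resource_id": params.get("resource_id"),
        "rejected_audience": rejected.group(1) if rejected else None,
        "token_aud": aud,
        "aud_equals_resource_id": aud == params.get("resource_id"),
    }

def make_unsigned_token(claims):
    """Constructed test token: header.payload.signature with a dummy signature."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f'{enc({"alg": "none"})}.{enc(claims)}.sig'

if __name__ == "__main__":
    aud = "https://verisdev-verisdevfhir.fhir.azurehealthcareapis.com"
    for key, value in compare_audience(CHALLENGE, make_unsigned_token({"aud": aud})).items():
        print(f"{key}: {value}")
```

With the header as quoted in the post, the rejected audience begins with https:// while resource_id and realm begin with https//, so the comparison reports that the two strings are not equal.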