Azure FHIR Proxy using Postman - 401 You do not have permission to view this directory or page

LooFunk 96 Reputation points
2021-02-19T16:15:15.943+00:00

I have set up an instance of Azure FHIR with an Azure FHIR proxy using this tutorial:

https://github.com/microsoft/health-architectures/tree/master/FHIR/FHIRProxy##configuration

I am unable to call the proxy without getting the following error message:

You do not have permission to view this directory or page.  

70144-image.png

I have created a token successfully using the following tutorial:

https://learn.microsoft.com/en-us/azure/healthcare-apis/access-fhir-postman-tutorial

I have created an app service principal in Azure with the permissions to access the FHIR proxy:

https://func-fhir-proxy-2.azurewebsites.net  

I am generating the token using the following in postman:

Auth URL: https://login.microsoftonline.com/e34c8e67-182a-4085-9dc0-39a38dddea12/oauth2/authorize/?resource=https://func-fhir-proxy-2.azurewebsites.net

Access Token URL: https://login.microsoftonline.com/e34c8e67-182a-4085-9dc0-39a38dddea12/oauth2/token

Client ID: 4d138742-44c0-42cb-9878-8647a1d2ef17

Client Secret: Well..that's a secret!

Scope: openid profile

State: 12345

70155-image.png

Postman returns 3 tokens: Access_token, Refresh_token, Id_token.

I have tried each token and all return the same 401 error.

ID token JWT looks like this:

70145-image.png

I have tried calling the FHIR proxy API's, due to the tutorial I am not 100% which are the correct URLs:

https://func-fhir-proxy-2.azurewebsites.net/api/fhirproxy/Patient

https://fhir-test-apis.azurehealthcareapis.com/Patient/

None of this works, I just keep getting the same error. Does anyone know what I am doing wrong? Should I be calling the FHIR proxy API using the token? If so, why is the API not letting me in?

Azure Health Data Services
Azure Health Data Services
An Azure offering that provides a suite of purpose-built technologies for protected health information in the cloud.
151 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Anurag Sharma 17,581 Reputation points
    2021-02-22T07:01:56.58+00:00

    Hi @LooFunk , welcome to Microsoft QnA forum.

    I was referring to the article you mentioned and below are the steps I followed and I was able to successfully access the FHIR server.

    1. Created the Azure API for FHIR (Link)
    2. Registered a service client application in Azure Active Directory (Link)
    3. Added roles through Access Control for FHIR Server (FHIR Data reader Role) to my user.
    4. Obtained the Access Token (Link)
    5. Able to access the below URL through postman get:

    https://xxxxxxxxx.azurehealthcareapis.com/Patient/

    Edit:

    Adding screenshot for more clarity:
    API Permission, please see if you have added both the permissions as mentioned in below screenshot:

    70522-image.png

    Access Control - Role Assignment. For reading the data, we can just add the 'FHIR Data Reader Role'

    70416-image.png

    Because comment is exceeding 1000 characters limit, I am writing it in answer section.

    Could you please let me know if you followed the same steps or other steps and we can discuss more?