"Invalid launch options: TypeError [ERR_INVALID_ARG_TYPE]" while trying to call /token endpoint using OAuth2.0


I am trying to make a FHIR call to a public FHIR server such as SMART Health IT. For that, I have an app that I have hosted using ngrok, and I am launching this app on their server using a custom client_id and client_secret. I am trying to fetch the access and refresh tokens from their /token endpoint using the below code snippet. However, I am getting the error -

{"error":"invalid_request","error_description":"Invalid launch options: TypeError [ERR_INVALID_ARG_TYPE]: The first argument must be of type string or an instance of Buffer, ArrayBuffer, or Array or an Array-like Object. Received undefined"}.

Why is this happening and how can I fix this and make the correct API call?

import time
import uuid

import jwt
import requests

token_endpoint = "https://launch.smarthealthit.org/v/r4/auth/token"

token_request_data = {
    "grant_type": "client_credentials",
    "redirect_uri": redirect_uri,
    "client_id": client_id,
    "client_secret": client_secret,
}
payload = {
    "iss": f"{client_id}",
    "sub": f"{client_id}",
    "aud": f"{token_endpoint}",
    "jti": str(uuid.uuid1()),
    "exp": time.time() + 60*5
}

jwt_token = jwt.encode(payload, key=client_secret, algorithm="RS384").decode()
grant_type = 'client_credentials'
client_assertion_type = 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer'.replace(':', "%3A")
body = 'grant_type=' + grant_type + '&client_assertion_type=' + client_assertion_type + '&client_assertion=' + jwt_token

token_response = requests.post(token_endpoint, data=body, headers={"Content-Type": "application/x-www-form-urlencoded"})

Note that I am using the requests library only in Python.


There is 1 answer

Ashavan

Pretty sure the root cause is you're using the wrong base URL of https://launch.smarthealthit.org/v/r4, as no CapabilityStatement is defined there. It appears you're trying to use Back-end OAuth, so your token call should be to https://launch.smarthealthit.org/v/r4/sim/WzQsIiIsIiIsIiIsMCwwLDAsIiIsIiIsIiIsIiIsIiIsIiIsIiIsMCwxXQ/fhir/auth/token.

While you're at it, a few other things:

  1. Your JWT is missing the required header. Maybe jwt.encode() is handling that automatically but if not, the header needs to be present.
  2. What's the point of the token_request_data object? It doesn't seem to be used anywhere.
  3. You're signing the JWT with a client secret. If this is a typical secret like a password, that is incorrect. You should be signing it with a private key from a correctly-generated public-private key pair. (If you'll use the SMART sandbox, it'll need to be the key pair it has already generated.)
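A pre-flight check for the points raised in the answer, as an added example that is not part of the original question or answer: it decodes the client assertion's header and claims (without verifying the signature) and lists what is wrong with a form-encoded token request before it is sent. The function names are hypothetical, the sample request built by `constructed_request` is unsigned and constructed for illustration, and the required header fields, claims and `scope` parameter are taken from the SMART Backend Services specification rather than from this page.

```python
import base64, json, time
from urllib.parse import parse_qs, urlencode

ASSERTION_TYPE = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"
ASYMMETRIC_ALGS = ("RS384", "ES384")  # signing algorithms named by SMART Backend Services

def b64url_json(segment):
    """Decode one base64url JWT segment (padding restored) into a dict."""
    obj = json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))
    if not isinstance(obj, dict):
        raise ValueError("segment is not a JSON object")
    return obj

def lint_token_request(form_body, token_endpoint, now=None):
    """Return a list of problems found in a form-encoded backend token request."""
    now = time.time() if now is None else now
    form = {k: v[0] for k, v in parse_qs(form_body).items()}
    checks = [
        (form.get("grant_type") == "client_credentials", "grant_type must be client_credentials"),
        (form.get("client_assertion_type") == ASSERTION_TYPE, "client_assertion_type is not the jwt-bearer URN"),
        (bool(form.get("scope")), "scope is missing"),
    ]
    parts = form.get("client_assertion", "").split(".")
    try:
        if len(parts) != 3:
            raise ValueError("not three segments")
        header, claims = b64url_json(parts[0]), b64url_json(parts[1])
    except ValueError:  # also covers bad base64 and bad JSON
        checks.append((False, "client_assertion is not a decodable three-part JWT"))
    else:
        exp = claims.get("exp")
        checks += [
            (header.get("alg") in ASYMMETRIC_ALGS, "alg must be RS384 or ES384, signed with a private key"),
            (bool(header.get("kid")), "header has no kid to select the registered public key"),
            (bool(claims.get("iss")) and claims.get("iss") == claims.get("sub"), "iss and sub must both be the client_id"),
            (claims.get("aud") == token_endpoint, "aud does not match the token endpoint URL"),
            (bool(claims.get("jti")), "jti is missing"),
            (isinstance(exp, (int, float)) and now < exp <= now + 300, "exp must be in the future, at most 5 minutes ahead"),
        ]
    return [msg for ok, msg in checks if not ok]

def constructed_request(header, claims, scope="system/*.read"):
    """Build a constructed sample request; the signature segment is a placeholder."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return urlencode({"grant_type": "client_credentials", "scope": scope,
                      "client_assertion_type": ASSERTION_TYPE,
                      "client_assertion": f"{enc(header)}.{enc(claims)}.c2ln"})
```

An empty list means the request has the expected shape; the server still has to verify the signature against the public key registered for the client.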