BB2-3179: Update developer documentation for expired data grant (#357)

* BB2-3179: Update developer documentation for expired data grant error * Fixed typo * Fixed more typo * updated quotes
CMSgov · Jun 3, 2024 · 73411fd · 73411fd
1 parent 32b16f0
commit 73411fd
Showing 1 changed file with 21 additions and 7 deletions.
diff --git a/_pages/developers.md b/_pages/developers.md
@@ -386,8 +386,8 @@ To retrieve an access token, POST to the BB2.0 /token endpoint providing the cod
 
 ##### cURL command
 ~~~
-curl -X "https://sandbox.bluebutton.cms.gov/v2/o/token/" \
--u "swBu7LWsCnIRfu530qnfPw1y5vMmER3lAM2L6rq2:<client_secret>" \
+curl -X POST "https://sandbox.bluebutton.cms.gov/v2/o/token/" \
+-u "<client_id>:<client_secret>" \
 -d "code=TSjqiZCdJwGyytGjz2GzziPfHTJ6z2&grant_type=authorization_code&redirect_uri=http://localhost:8080/testclient/callback"
 ~~~
 ##### Token response
@@ -417,8 +417,8 @@ To retrieve a new refresh token, POST to the BB2.0 API `/token` endpoint with th
 ##### cURL command
 ~~~
 curl -X POST "https://sandbox.bluebutton.cms.gov/v2/o/token/" \
--u "swBu7LWsCnIRfu530qnfPw1y5vMmER3lAM2L6rq2:<client_secret>" \
--d "grant_type=refresh_token&refresh_token=wDimPGoA8vwXP51kie71vpsy9l17HN”
+-u "<client_id>:<client_secret>" \
+-d "grant_type=refresh_token&refresh_token=wDimPGoA8vwXP51kie71vpsy9l17HN"
 ~~~
 ##### Token response 
 
@@ -459,6 +459,20 @@ Response (unsuccessful with 401 status code):
 ~~~
 If you receive this message, double-check that the request looks correct. If everything looks correct, email [bluebuttonapi@cms.hhs.gov](mailto:bluebuttonapi@cms.hhs.gov), and the Blue Button 2.0 API team can help troubleshoot.
 
+##### Expired Data Access Grant
+
+If an application's authorization for accessing user data has expired, the corresponding access token will not be able to be refreshed. Attempts to refresh that token will result in the following error message:
+
+Response (unsuccessful with 400 status code):
+```
+{
+  "status_code": 400,
+  "error": "invalid_grant",
+  "error_description": "The authorization for accessing user data has expired. To refresh Medicare data, the end user must re-authenticate and consent to data sharing."
+}
+```
+To re-authorize refer to [link](#user-authorization)
+
 #### Expire authenticated user for sandbox testing
 
 For testing in our sandbox, you can use the `/expire_authenticated_user` endpoint that expires the authorization granted by a patient user.
@@ -478,8 +492,8 @@ POST to the BB2.0 API `/expire_authenticated_user` endpoint with the following p
 ##### cURL command
 ~~~
 curl -X POST "https://sandbox.bluebutton.cms.gov/v2/o/expire_authenticated_user/-20140000000001/" \
--u "swBu7LWsCnIRfu530qnfPw1y5vMmER3lAM2L6rq2:\<client_secret\>" \
--H “Content-Length: 0”
+-u "<client_id>:<client_secret>" \
+-H "Content-Length: 0"
 ~~~
 ##### Response 
 
@@ -1349,4 +1363,4 @@ This implementation guide describes the CARIN Blue Button® Framework and Common
 
 ---
 
- <a id="footnote-1"></a><sup>1</sup> Jama Health Forum, “Addressing Challenges in Primary Care—Lessons to Guide Innovation” [https://jamanetwork.com/journals/jama-health-forum/fullarticle/2795471](https://jamanetwork.com/journals/jama-health-forum/fullarticle/2795471), August 19, 2022
+ <a id="footnote-1"></a><sup>1</sup> Jama Health Forum, "Addressing Challenges in Primary Care—Lessons to Guide Innovation" [https://jamanetwork.com/journals/jama-health-forum/fullarticle/2795471](https://jamanetwork.com/journals/jama-health-forum/fullarticle/2795471), August 19, 2022