From 73411fd7e24fec7ff19ab68634b60cb92b27cf00 Mon Sep 17 00:00:00 2001
From: Shivam Tiwari <57143602+stiwarisemanticbits@users.noreply.github.com>
Date: Mon, 3 Jun 2024 17:34:22 -0400
Subject: [PATCH] BB2-3179: Update developer documentation for expired data
 grant (#357)

* BB2-3179: Update developer documentation for expired data grant error

* Fixed typo

* Fixed more typo

* updated quotes
---
 _pages/developers.md | 28 +++++++++++++++++++++-------
 1 file changed, 21 insertions(+), 7 deletions(-)

diff --git a/_pages/developers.md b/_pages/developers.md
index 0db12fdf..5e429b87 100644
--- a/_pages/developers.md
+++ b/_pages/developers.md
@@ -386,8 +386,8 @@ To retrieve an access token, POST to the BB2.0 /token endpoint providing the cod
 
 ##### cURL command
 ~~~
-curl -X "https://sandbox.bluebutton.cms.gov/v2/o/token/" \
--u "swBu7LWsCnIRfu530qnfPw1y5vMmER3lAM2L6rq2:<client_secret>" \
+curl -X POST "https://sandbox.bluebutton.cms.gov/v2/o/token/" \
+-u "<client_id>:<client_secret>" \
 -d "code=TSjqiZCdJwGyytGjz2GzziPfHTJ6z2&grant_type=authorization_code&redirect_uri=http://localhost:8080/testclient/callback"
 ~~~
 ##### Token response
@@ -417,8 +417,8 @@ To retrieve a new refresh token, POST to the BB2.0 API `/token` endpoint with th
 ##### cURL command
 ~~~
 curl -X POST "https://sandbox.bluebutton.cms.gov/v2/o/token/" \
--u "swBu7LWsCnIRfu530qnfPw1y5vMmER3lAM2L6rq2:<client_secret>" \
--d "grant_type=refresh_token&refresh_token=wDimPGoA8vwXP51kie71vpsy9l17HN”
+-u "<client_id>:<client_secret>" \
+-d "grant_type=refresh_token&refresh_token=wDimPGoA8vwXP51kie71vpsy9l17HN"
 ~~~
 ##### Token response 
 
@@ -459,6 +459,20 @@ Response (unsuccessful with 401 status code):
 ~~~
 If you receive this message, double-check that the request looks correct. If everything looks correct, email [bluebuttonapi@cms.hhs.gov](mailto:bluebuttonapi@cms.hhs.gov), and the Blue Button 2.0 API team can help troubleshoot.
 
+##### Expired Data Access Grant
+
+If an application's authorization for accessing user data has expired, the corresponding access token will not be able to be refreshed. Attempts to refresh that token will result in the following error message:
+
+Response (unsuccessful with 400 status code):
+```
+{
+  "status_code": 400,
+  "error": "invalid_grant",
+  "error_description": "The authorization for accessing user data has expired. To refresh Medicare data, the end user must re-authenticate and consent to data sharing."
+}
+```
+To re-authorize refer to [link](#user-authorization)
+
 #### Expire authenticated user for sandbox testing
 
 For testing in our sandbox, you can use the `/expire_authenticated_user` endpoint that expires the authorization granted by a patient user.
@@ -478,8 +492,8 @@ POST to the BB2.0 API `/expire_authenticated_user` endpoint with the following p
 ##### cURL command
 ~~~
 curl -X POST "https://sandbox.bluebutton.cms.gov/v2/o/expire_authenticated_user/-20140000000001/" \
--u "swBu7LWsCnIRfu530qnfPw1y5vMmER3lAM2L6rq2:\<client_secret\>" \
--H “Content-Length: 0”
+-u "<client_id>:<client_secret>" \
+-H "Content-Length: 0"
 ~~~
 ##### Response 
 
@@ -1349,4 +1363,4 @@ This implementation guide describes the CARIN Blue Button® Framework and Common
 
 ---
 
- <a id="footnote-1"></a><sup>1</sup> Jama Health Forum, “Addressing Challenges in Primary Care—Lessons to Guide Innovation” [https://jamanetwork.com/journals/jama-health-forum/fullarticle/2795471](https://jamanetwork.com/journals/jama-health-forum/fullarticle/2795471), August 19, 2022
\ No newline at end of file
+ <a id="footnote-1"></a><sup>1</sup> Jama Health Forum, "Addressing Challenges in Primary Care—Lessons to Guide Innovation" [https://jamanetwork.com/journals/jama-health-forum/fullarticle/2795471](https://jamanetwork.com/journals/jama-health-forum/fullarticle/2795471), August 19, 2022
\ No newline at end of file