Question
· Nov 19, 2024

How to create a signed JWT

I need to create a JWT to connect to EPIC FHIRserver sandbox.

https://fhir.epic.com/Documentation?docId=oauth2&section=BackendOAuth2Guide

You will generate a one-time use JSON Web Token (JWT) to authenticate your app to the authorization server and obtain an access token that can be used to authenticate your app's web service calls. There are several libraries for creating JWTs. See jwt.io for some examples.

The header and payload are then base64 URL encoded, combined with a period separating them, and cryptographically signed using the private key to generate a signature.

I attempted using this code:

ClassMethod test2() As %Status

{

    #Dim sigJOSE As %DynamicObject

    #Dim encJOSE As %DynamicObject

    #Dim claims As %DynamicObject

    Set ts = $ZTIMESTAMP  // 67161,81327.6633447

    Set exp = ##class(%OAuth2.Utils).TimeInSeconds(ts,300)

    Set nbf = ##class(%OAuth2.Utils).TimeInSeconds(ts,0)

    Set iat = ##class(%OAuth2.Utils).TimeInSeconds(ts,0)

    Set sigJOSE = {}

    Set sigJOSE.alg = "RS384"

    Set sigJOSE.typ = "JWT"

    Set header = sigJOSE.%ToJSON()

    Set claims = {}

    Set claims.iss = "863e73c5-9839-4b54-8205-c9404d2bb762"

    Set claims.sub = claims.iss

    Set claims.aud = "https://fhir.epic.com/interconnect-fhir-oauth/oauth2/token"

    Set claims.jti = "f9eaafba-2e49-11ea-8880-5ce0c5aee679"

    Set claims.exp = exp

    Set claims.nbf = nbf

    Set claims.iat = iat

    Set payload = claims.%ToJSON()

    //Set sigJWKS = ..MyKeys()

    //Set encJWKS = ""

    //Set tSC = ##class(%Net.JSON.JWT).Create(sigJOSE,{},claims,sigJWKS,encJWKS,.JWT)

    //Do $System.Status.DisplayError(tSC)

    Set bitLength = 384

    Set flags = 0

    Set tData = ##class(%SYSTEM.Encryption).Base64Encode(header,flags)_"."_##class(%SYSTEM.Encryption).Base64Encode(payload,flags)

    Set key = ..PrivateKey()

    //Set privKeyPassword = ""

    Set x = ##class(%SYSTEM.Encryption).RSASHA3Sign(bitLength, tData, key)

    zw

    Quit x

}

x does not look like the expected value

Discussion (5)1
Log in or sign up to continue

I have updated my code as follows:

ClassMethod test2() As %Status

{

    #Dim sigJOSE As %DynamicObject

    #Dim encJOSE As %DynamicObject

    #Dim claims As %DynamicObject

    Set ts = $ZTIMESTAMP  // 67161,81327.6633447

    Set exp = ##class(%OAuth2.Utils).TimeInSeconds(ts,300)

    Set nbf = ##class(%OAuth2.Utils).TimeInSeconds(ts,0)

    Set iat = ##class(%OAuth2.Utils).TimeInSeconds(ts,0)

    Set sigJOSE = {}

    Set sigJOSE.alg = "RS384"

    Set sigJOSE.typ = "JWT"

    Set header = sigJOSE.%ToJSON()

    Set claims = {}

    Set claims.iss = "863e73c5-9839-4b54-8205-c9404d2bb762"

    Set claims.sub = claims.iss

    Set claims.aud = "https://fhir.epic.com/interconnect-fhir-oauth/oauth2/token"

    Set claims.jti = "f9eaafba-2e49-11ea-8880-5ce0c5aee679"

    Set claims.exp = exp

    Set claims.nbf = nbf

    Set claims.iat = iat

    Set payload = claims.%ToJSON()

    //Set sigJWKS = ..MyKeys()

    //Set encJWKS = ""

    //Set tSC = ##class(%Net.JSON.JWT).Create(sigJOSE,{},claims,sigJWKS,encJWKS,.JWT)

    //Do $System.Status.DisplayError(tSC)

    Set bitLength = 384

    Set flags = 0

    Set tData = ##class(%SYSTEM.Encryption).Base64Encode(header,flags)_"."_##class(%SYSTEM.Encryption).Base64Encode(payload,flags)

    Set key = ..PrivateKey()

    //Set privKeyPassword = ""

    Set signature = ##class(%SYSTEM.Encryption).RSASHA3Sign(bitLength, tData, key)

    Set jwt = tData_"."_##class(%SYSTEM.Encryption).Base64Encode(signature,flags)

    Set pad = "="

    Set jwt = $Translate(jwt,pad,"")

    Set delim = $Char(13,10)

    For ii = 1:1:$Length(jwt,delim) {

        Write $Piece(jwt,delim,ii),!

    }

    Quit jwt

}