ERROR #9761: No key in provided JWKS for alg ES512 and kid

Question

Question

Oliver Wilms · Dec 15

I am trying to work with Epic on FHIR. Epic's documentation stated, your application makes a HTTP POST request to the authorization server's OAuth 2.0 token endpoint to obtain access token.

Set tSC = ##class(%SYS.OAuth2.Authorization).GetAccessTokenClient(pClient,pScopes,.prop,.err) returns

ERROR #9761: No key in provided JWKS for alg ES512 and kid

I check this /csp/sys/oauth2/OAuth2.JWTServer.cls?client_name=medbank and I see this:

{
  "keys": [
    {
      "kty": "RSA",
      "n": "znrmjuKwUAI3eH6OiLANiNDkGP6EC8HoA5sr5sEJwAuc3U3IPSQ2SsNgFmNtaArAc7tpovz3_IRxYKOQNz_riq0mBWhtdwc9hp-PAzQOix-cCRz69IXh3nErLrVJ777taO9ARzvxTmcjE_X3TkDq-F5F4fO7OwhvLsl1hjC3nmemkF-gVFD4DQumx84UkwHNu4astSvQrlqFAEvpjbHJ0LP-HNIZe6HP_wUPSCBnE_cFVjR2oxSV5SZEo_Blo2n0d02YVDrqBxccTWEhjbopBWv9JG0IWSL3M7AK7CAa5Oboeub02VBKwTtwNMRmcnKOOMAzDKa-gur7_S_HJWAnvQ",
      "e": "AQAB",
      "alg": "RS256",
      "use": "sig",
      "kid": "1"
    },
    {
      "kty": "RSA",
      "n": "znrmjuKwUAI3eH6OiLANiNDkGP6EC8HoA5sr5sEJwAuc3U3IPSQ2SsNgFmNtaArAc7tpovz3_IRxYKOQNz_riq0mBWhtdwc9hp-PAzQOix-cCRz69IXh3nErLrVJ777taO9ARzvxTmcjE_X3TkDq-F5F4fO7OwhvLsl1hjC3nmemkF-gVFD4DQumx84UkwHNu4astSvQrlqFAEvpjbHJ0LP-HNIZe6HP_wUPSCBnE_cFVjR2oxSV5SZEo_Blo2n0d02YVDrqBxccTWEhjbopBWv9JG0IWSL3M7AK7CAa5Oboeub02VBKwTtwNMRmcnKOOMAzDKa-gur7_S_HJWAnvQ",
      "e": "AQAB",
      "alg": "RS384",
      "use": "sig",
      "kid": "2"
    },
    {
      "kty": "RSA",
      "n": "znrmjuKwUAI3eH6OiLANiNDkGP6EC8HoA5sr5sEJwAuc3U3IPSQ2SsNgFmNtaArAc7tpovz3_IRxYKOQNz_riq0mBWhtdwc9hp-PAzQOix-cCRz69IXh3nErLrVJ777taO9ARzvxTmcjE_X3TkDq-F5F4fO7OwhvLsl1hjC3nmemkF-gVFD4DQumx84UkwHNu4astSvQrlqFAEvpjbHJ0LP-HNIZe6HP_wUPSCBnE_cFVjR2oxSV5SZEo_Blo2n0d02YVDrqBxccTWEhjbopBWv9JG0IWSL3M7AK7CAa5Oboeub02VBKwTtwNMRmcnKOOMAzDKa-gur7_S_HJWAnvQ",
      "e": "AQAB",
      "alg": "RS512",
      "use": "sig",
      "kid": "3"
    },
    {
      "kty": "RSA",
      "n": "znrmjuKwUAI3eH6OiLANiNDkGP6EC8HoA5sr5sEJwAuc3U3IPSQ2SsNgFmNtaArAc7tpovz3_IRxYKOQNz_riq0mBWhtdwc9hp-PAzQOix-cCRz69IXh3nErLrVJ777taO9ARzvxTmcjE_X3TkDq-F5F4fO7OwhvLsl1hjC3nmemkF-gVFD4DQumx84UkwHNu4astSvQrlqFAEvpjbHJ0LP-HNIZe6HP_wUPSCBnE_cFVjR2oxSV5SZEo_Blo2n0d02YVDrqBxccTWEhjbopBWv9JG0IWSL3M7AK7CAa5Oboeub02VBKwTtwNMRmcnKOOMAzDKa-gur7_S_HJWAnvQ",
      "e": "AQAB",
      "alg": "RSA1_5",
      "use": "enc",
      "kid": "4"
    },
    {
      "kty": "RSA",
      "n": "znrmjuKwUAI3eH6OiLANiNDkGP6EC8HoA5sr5sEJwAuc3U3IPSQ2SsNgFmNtaArAc7tpovz3_IRxYKOQNz_riq0mBWhtdwc9hp-PAzQOix-cCRz69IXh3nErLrVJ777taO9ARzvxTmcjE_X3TkDq-F5F4fO7OwhvLsl1hjC3nmemkF-gVFD4DQumx84UkwHNu4astSvQrlqFAEvpjbHJ0LP-HNIZe6HP_wUPSCBnE_cFVjR2oxSV5SZEo_Blo2n0d02YVDrqBxccTWEhjbopBWv9JG0IWSL3M7AK7CAa5Oboeub02VBKwTtwNMRmcnKOOMAzDKa-gur7_S_HJWAnvQ",
      "e": "AQAB",
      "alg": "RSA-OAEP",
      "use": "enc",
      "kid": "5"
    }
  ]
}

Previously I had a similar or same configuration return

{
"keys": [
{
"kty": "RSA",
"n": "znrmjuKwUAI3eH6OiLANiNDkGP6EC8HoA5sr5sEJwAuc3U3IPSQ2SsNgFmNtaArAc7tpovz3_IRxYKOQNz_riq0mBWhtdwc9hp-PAzQOix-cCRz69IXh3nErLrVJ777taO9ARzvxTmcjE_X3TkDq-F5F4fO7OwhvLsl1hjC3nmemkF-gVFD4DQumx84UkwHNu4astSvQrlqFAEvpjbHJ0LP-HNIZe6HP_wUPSCBnE_cFVjR2oxSV5SZEo_Blo2n0d02YVDrqBxccTWEhjbopBWv9JG0IWSL3M7AK7CAa5Oboeub02VBKwTtwNMRmcnKOOMAzDKa-gur7_S_HJWAnvQ",
"e": "AQAB",
"alg": "RS256",
"use": "sig",
"kid": "1"
},
{
"kty": "RSA",
"n": "znrmjuKwUAI3eH6OiLANiNDkGP6EC8HoA5sr5sEJwAuc3U3IPSQ2SsNgFmNtaArAc7tpovz3_IRxYKOQNz_riq0mBWhtdwc9hp-PAzQOix-cCRz69IXh3nErLrVJ777taO9ARzvxTmcjE_X3TkDq-F5F4fO7OwhvLsl1hjC3nmemkF-gVFD4DQumx84UkwHNu4astSvQrlqFAEvpjbHJ0LP-HNIZe6HP_wUPSCBnE_cFVjR2oxSV5SZEo_Blo2n0d02YVDrqBxccTWEhjbopBWv9JG0IWSL3M7AK7CAa5Oboeub02VBKwTtwNMRmcnKOOMAzDKa-gur7_S_HJWAnvQ",
"e": "AQAB",
"alg": "RS384",
"use": "sig",
"kid": "2"
},
{
"kty": "RSA",
"n": "znrmjuKwUAI3eH6OiLANiNDkGP6EC8HoA5sr5sEJwAuc3U3IPSQ2SsNgFmNtaArAc7tpovz3_IRxYKOQNz_riq0mBWhtdwc9hp-PAzQOix-cCRz69IXh3nErLrVJ777taO9ARzvxTmcjE_X3TkDq-F5F4fO7OwhvLsl1hjC3nmemkF-gVFD4DQumx84UkwHNu4astSvQrlqFAEvpjbHJ0LP-HNIZe6HP_wUPSCBnE_cFVjR2oxSV5SZEo_Blo2n0d02YVDrqBxccTWEhjbopBWv9JG0IWSL3M7AK7CAa5Oboeub02VBKwTtwNMRmcnKOOMAzDKa-gur7_S_HJWAnvQ",
"e": "AQAB",
"alg": "RS512",
"use": "sig",
"kid": "3"
},
{
"kty": "RSA",
"n": "znrmjuKwUAI3eH6OiLANiNDkGP6EC8HoA5sr5sEJwAuc3U3IPSQ2SsNgFmNtaArAc7tpovz3_IRxYKOQNz_riq0mBWhtdwc9hp-PAzQOix-cCRz69IXh3nErLrVJ777taO9ARzvxTmcjE_X3TkDq-F5F4fO7OwhvLsl1hjC3nmemkF-gVFD4DQumx84UkwHNu4astSvQrlqFAEvpjbHJ0LP-HNIZe6HP_wUPSCBnE_cFVjR2oxSV5SZEo_Blo2n0d02YVDrqBxccTWEhjbopBWv9JG0IWSL3M7AK7CAa5Oboeub02VBKwTtwNMRmcnKOOMAzDKa-gur7_S_HJWAnvQ",
"e": "AQAB",
"alg": "RSA1_5",
"use": "enc",
"kid": "4"
},
{
"kty": "RSA",
"n": "znrmjuKwUAI3eH6OiLANiNDkGP6EC8HoA5sr5sEJwAuc3U3IPSQ2SsNgFmNtaArAc7tpovz3_IRxYKOQNz_riq0mBWhtdwc9hp-PAzQOix-cCRz69IXh3nErLrVJ777taO9ARzvxTmcjE_X3TkDq-F5F4fO7OwhvLsl1hjC3nmemkF-gVFD4DQumx84UkwHNu4astSvQrlqFAEvpjbHJ0LP-HNIZe6HP_wUPSCBnE_cFVjR2oxSV5SZEo_Blo2n0d02YVDrqBxccTWEhjbopBWv9JG0IWSL3M7AK7CAa5Oboeub02VBKwTtwNMRmcnKOOMAzDKa-gur7_S_HJWAnvQ",
"e": "AQAB",
"alg": "RSA-OAEP",
"use": "enc",
"kid": "5"
}
]
}

How can I get JWKS to include ES512 algorithm?

Product version: IRIS 2024.1

$ZV: IRIS for UNIX (Ubuntu Server LTS for x86-64 Containers) 2024.1.2 (Build 398U) Thu Oct 3 2024 14:20:43 EDT [Health:7.2.0-3.m2024.1.2]

Discussion (1)1

Log in or sign up to continue

Oliver Wilms · Dec 16

I got this error, because I had the wrong value for Authentication signing algorithm. I changed it from ES512 to RS384.

0 0