How to Interoperate with CareEvolution

I've been trying to interoperate with careevoltion using their backend-services.
Spec: http://docs.smarthealthit.org/authorization/backend-services/

This involves creating a JWT (JSON Web Token) that I have been unable to do using %OAuth2.JWT:ObjectToJWT.

I downloaded jwt.pfx and then ran the following openssl commands to create some pem files.

openssl pkcs12 -in jwt.pfx -out file.nokey.pem -nokeys
openssl pkcs12 -in jwt.pfx -out file.withkey.pem

openssl rsa -in file.withkey.pem -out file.key

cat file.nokey.pem file.key > file.combo.pem3

I then ran some node code to create the private portions of the RSA key:

var fs = require('fs');
var rsaPemToJwk = require('rsa-pem-to-jwk');
var pem = fs.readFileSync('file.key');
console.log(pem);
var jwk = rsaPemToJwk(pem, {use: 'sig'}, 'private');
console.log(JSON.stringify(jwk));

C:\Users\Paul\Desktop\jwt>node rsa-pem-to-jwk.txt > c:\tmp\priv.txt

I then changed the node code so that it created the public portions of the RSA key.

var jwk = rsaPemToJwk(pem, {use: 'sig'}, 'public');

C:\Users\Paul\Desktop\jwt>node rsa-pem-to-jwk.txt > c:\tmp\public.txt

I then ran the following COS code:

KILL JOSE

S JOSE("keyalg")="RSA"
S JOSE("sigalg")="RS256"

S A=+$H-47117
S B=A*86400
S C=$P($HOROLOG,",",2)
S EPOCH=B+C
// add 4 minutes
S D=60*4
S EPOCH=EPOCH+D

set body=##class(%DynamicObject).%New()
do body.%Set("iss","JWTClientCredentials","string")
do body.%Set("aud","https://fhir.careevolution.com/Master.Adapter1.WebClient/identityserver/connect/token","string")
do body.%Set("exp",EPOCH,"string") // 1516032893
do body.%Set("nbf",EPOCH,"string") // 1516032893
do body.%Set("jti","db5ba9b3-602c-4b5f-beb9-4e8d76028c01","string")
do body.%Set("sub","07e5a735-a4f7-e711-8136-0a69c1b3225b","string")
do body.%Set("user_name","psimon","string")
do body.%Set("clientid","JWTClientCredentials","string")

// copied from /tmp/priv.txt (node output)

s localpriv="{ ""kty"": ""RSA"", ""n"": ""s0hguxNL5Xb6_Fk3u_fnZrUXuRnjj1wIEGXlsnqbu4rptiDYeX9dEQm29eDe5fhXWjrPtU33WA_zz0Y9R5z7EaX4ZlZG7PlFlm5vu3bEu-qeuMp8Xb3hPMyND-87JGrbB1t5i-BgMpjQoelhYT8iqzE1fEtUGYyNn2dhSwIVwqIaRt4ly65oyW9Ea7VL92kmCEgUmIn-lrEfvygfbEL2H-9dW42dAMvEwLCQGM7iX1zuHRAH9Ec9kwnaBb2kfHzoSJXZm5WcuPYJIWZrvu1RbHcZBFff0GwCDTH1bfECmr6c-6BPeeUMw6resnbM4v3dTrbKD64HQbC33x4_Xs3pTQ"", ""e"": ""AQAB"", ""d"": ""FVOizh45hQ5mROaIDsAqsrkQHWDLBR65htnYPScAp4qayqOVnL5d38z8Cru5SDoGiiE83CBuL_eV1S5R09cEttC7f9D7lu0ALijs-avjM0dxoiHUMYKI7KaYkTCwJGDhtTpYdx810k8DYn9UqjDMevjbl_GOC4wAvNmbZUTWOdTDfVXm7D42vcUnh0e7nTYu7qGBRcfRrduzjBZMSddZoz8suWbJlQowUt6-bYOUPixeclML8oOKrtuQ_Y6fI-SNkaM5MrrJku-s1KXiOt5ZGXkpqE-PUQsw1DAzs6MfS6CcuFdYadlBd6sn6bOLNJN3DffDJQGHQUIUefTJ2I_YMQ"", ""p"": ""7CSQiUHeP_C2QBgQEsC_yF0Q1AFHmNEn9ua0lJ20LJSu7zzYCdE6E5X-j-9w37nzdzOClceEI2-2OAvV_Ukh3R78q9_-Mtc9AUk2BunwzfaAdJHl0YT0IpJEI-IluMpOX9RETTK3KXpjOFBefHOeHS0DyWLRXDaAt2k_9c1Q1Lc"", ""q"": ""wlvJ3Ap_i1vxt5q6zRT6JBxstvXLi0hQgHZnchvNluOfhzBTfYTSiK0n6Od-yj1c90iZt97B4XKWfps29xwd6wqS6X-QtG59AvlU0IOH4FSoYvyVy4yqpMSzAjgmhwZRi-API7XWd1KSmkTB8t-XfdxjdnC6kM62MqtsdC-Vhs"", ""dp"": ""WFFomV1AQUvG7fvR7yGV2Nst0wzTeU0olEg-26KL42yMbL-l0S4meXLM7YpQ_evvKfLi8R_YxOQgE6AhnYR_nNLdD29MBDnKADQgd7-BJ5b8_hwfBxihslhgEcef8hf_7glWrkS8ik_S0hoE7KjVRvYyB1zlDob35yD_IfBzPcs"", ""dq"": ""h5_NiIK65eBPGDQczicpNjGvmyyB0LuxkTMOlI3aNMS5-Xg7ioc48q8B_oAr9axERzqeKbSDznJLmiVtgZpZNj62rcGalI3VJlIeYTKnil8I8aoYTWXnXf5bNY2sTV32NQfIkHmMxOSqhqoz4Wia0a9tyfJ_FUG8urMT6dUkPKk"", ""qi"": ""WsLO8yNdoSMF3sYAISKhx_NJ5ua6PISaezUpYk6WgENHfUnwXXiDpDgx8AKae2vRpPaGoHhJkiih5JHTtVWNGUXB0-DItnX0jodM78NT31XefKuE4Pg6nLtrpPlQpRqL6Gj1en2FcVtQ5TblOaFO9dkBoBB-gGWK9dy0WPR5D9w"" }"

// copied from /tmp/public.txt (node output)

s localpub="
{""kty"":""RSA"",""use"":""sig"",""n"":""ALaMFdNTmzUu1wnMGNmsIkBMJUS4EdMAe2HXpQ-k4aDk94znJuCi9OJnJQU4lm4nqgEWdzMVVQMlqZ3ihlXx5vpFzmb4m4EkAcmK0ULVCLL9QRqvuwbOjeXW8pJlcH-EAQKnkMzF6GbtmmDubK46bx2GaQh8rLYAfLvoIwXfyrXIday2VdRNz_3yGzLoxr5QxcFml46479mY3xXwmTSMvVNHEN4F1xPnsLQoNPH3guA104dm8S-f2z_vczHBdSrgiJibesdOP3ugYlxJvDDT3WSf3WW7cjAn8M3vZmCNTPWe6JEewsc6cDBiFWn9UUomulFUV_uucTsV_NXMd8nQ_Hs"",""e"":""AQAB""}"

SET ST=##class(%OAuth2.JWT).ObjectToJWT(.JOSE,.body,localpriv,localpub,.JWT)

If you run the above code in a terminal session - it does *not* work:

USER>d $system.OBJ.DisplayError(ST)

ERROR #5002: Cache error: <INVALID OREF>zGetJWK+2^%OAuth2.JWT.1

Killing JOSE and re-running the code works ... however, the JWT is invalid since I cannot get the POST that contains the JWT to successfully return an access_token?

USER>K JOSE

USER>SET ST=##class(%OAuth2.JWT).ObjectToJWT(.JOSE,.body,localpriv,localpub,.JWT)

​USER>ZW JWT
JWT="eyJ0eXAiOiJKV1QiLCJhbGciOiJub25lIn0.eyJpc3MiOiJodHRwczovL2ZoaXIuY2FyZWV2b2x1dGlvbi5jb20vTWFzdGVyLkFkYXB0ZXIxLldlYkNsaWVudC8iLCJhdWQiOiJodHRwczovL2ZoaXIuY2FyZWV2b2x1dGlvbi5jb20vTWFzdGVyLkFkYXB0ZXIxLldlYkNsaWVudC8iLCJleHAiOiIxNTE2MTIxNjA5IiwibmJmIjoiMTUxNjEyMTYwOSIsImp0aSI6ImRiNWJhOWIzLTYwMmMtNGI1Zi1iZWI5LTRlOGQ3NjAyOGMwMSIsInN1YiI6IjA3ZTVhNzM1LWE0ZjctZTcxMS04MTM2LTBhNjljMWIzMjI1YiIsInVzZXJfbmFtZSI6InBzaW1vbiIsImNsaWVudGlkIjoiT0F1dGhUZXN0In0."

So, can anyone please tell me what I'm doing wrong here?
To summarise what I'm trying to do is use the pfx cert to sign the JWT and then use that JWT to get hold of an access_token.
The attached C# code will apparently create a JWT that will work with careevolutions back-end services - but so far I've been unable to compile the code in VS-2017.

Finally, can Cache can be configured to support back-end services (similar to the above).
Spec: http://docs.smarthealthit.org/authorization/backend-services/

Thanks,
-- Paul.

  • 0
  • 0
  • 302
  • 1
  • 1

Answers

I found method GetJWT gets called with localpriv and localpub as parameters

ClassMethod GetJWK(JWKS As %DynamicObject, Alg As %String, Kid As %String) As %DynamicObject
{
 Set arr=JWKS.keys                ;line +1
 Set iter=arr.%GetIterator()      ;line +2

 

But there is no array keys  and no %DynamicArray object found. 
so it fails on  %GetIterator().

              my guess {"keys":[  .... ]}  could be the solution. 

w localpriv
{ "kty": "RSA"
, "n": "s0hguxNL5Xb6_Fk3u_fnZrUXuRnjj1wIEGXlsnqbu4rptiDYeX9dEQm29eDe5fhXWjrPtU33WA_zz0Y9R5z7EaX4ZlZG7PlFlm5vu3bEu-qeuMp8Xb3hPMyND-87JGrbB1t5i-BgMpjQoelhYT8iqzE1fEtUGYyNn2dhSwIVwqIaRt4ly65oyW9Ea7VL92kmCEgUmIn-lrEfvygfbEL2H-9dW42dAMvEwLCQGM7iX1zuHRAH9Ec9kwnaBb2kfHzoSJXZm5WcuPYJIWZrvu1RbHcZBFff0GwCDTH1bfECmr6c-6BPeeUMw6resnbM4v3dTrbKD64HQbC33x4_Xs3pTQ"
, "e": "AQAB"
, "d": "FVOizh45hQ5mROaIDsAqsrkQHWDLBR65htnYPScAp4qayqOVnL5d38z8Cru5SDoGiiE83CBuL_eV1S5R09cEttC7f9D7lu0ALijs-avjM0dxoiHUMYKI7KaYkTCwJGDhtTpYdx810k8DYn9UqjDMevjbl_GOC4wAvNmbZUTWOdTDfVXm7D42vcUnh0e7nTYu7qGBRcfRrduzjBZMSddZoz8suWbJlQowUt6-bYOUPixeclML8oOKrtuQ_Y6fI-SNkaM5MrrJku-s1KXiOt5ZGXkpqE-PUQsw1DAzs6MfS6CcuFdYadlBd6sn6bOLNJN3DffDJQGHQUIUefTJ2I_YMQ"
, "p": "7CSQiUHeP_C2QBgQEsC_yF0Q1AFHmNEn9ua0lJ20LJSu7zzYCdE6E5X-j-9w37nzdzOClceEI2-2OAvV_Ukh3R78q9_-Mtc9AUk2BunwzfaAdJHl0YT0IpJEI-IluMpOX9RETTK3KXpjOFBefHOeHS0DyWLRXDaAt2k_9c1Q1Lc"
,"q": "wlvJ3Ap_i1vxt5q6zRT6JBxstvXLi0hQgHZnchvNluOfhzBTfYTSiK0n6Od-yj1c90iZt97B4XKWfps29xwd6wqS6X-QtG59AvlU0IOH4FSoYvyVy4yqpMSzAjgmhwZRi-API7XWd1KSmkTB8t-XfdxjdnC6kM62MqtsdC-Vhs"
, "dp": "WFFomV1AQUvG7fvR7yGV2Nst0wzTeU0olEg-26KL42yMbL-l0S4meXLM7YpQ_evvKfLi8R_YxOQgE6AhnYR_nNLdD29MBDnKADQgd7-BJ5b8_hwfBxihslhgEcef8hf_7glWrkS8ik_S0hoE7KjVRvYyB1zlDob35yD_IfBzPcs", "dq": "h5_NiIK65eBPGDQczicpNjGvmyyB0LuxkTMOlI3aNMS5-Xg7ioc48q8B_oAr9axERzqeKbSDznJLmiVtgZpZNj62rcGalI3VJlIeYTKnil8I8aoYTWXnXf5bNY2sTV32NQfIkHmMxOSqhqoz4Wia0a9tyfJ_FUG8urMT6dUkPKk"
, "qi": "WsLO8yNdoSMF3sYAISKhx_NJ5ua6PISaezUpYk6WgENHfUnwXXiDpDgx8AKae2vRpPaGoHhJkiih5JHTtVWNGUXB0-DItnX0jodM78NT31XefKuE4Pg6nLtrpPlQpRqL6Gj1en2FcVtQ5TblOaFO9dkBoBB-gGWK9dy0WPR5D9w"
}

w localpub
{"kty":"RSA"
,"use":"sig"
,"n":"ALaMFdNTmzUu1wnMGNmsIkBMJUS4EdMAe2HXpQ-k4aDk94znJuCi9OJnJQU4lm4nqgEWdzMVVQMlqZ3ihlXx5vpFzmb4m4EkAcmK0ULVCLL9QRqvuwbOjeXW8pJlcH-EAQKnkMzF6GbtmmDubK46bx2GaQh8rLYAfLvoIwXfyrXIday2VdRNz_3yGzLoxr5QxcFml46479mY3xXwmTSMvVNHEN4F1xPnsLQoNPH3guA104dm8S-f2z_vczHBdSrgiJibesdOP3ugYlxJvDDT3WSf3WW7cjAn8M3vZmCNTPWe6JEewsc6cDBiFWn9UUomulFUV_uucTsV_NXMd8nQ_Hs"
,"e":"AQAB"
}

Comments

Thanks very much Robert - that's got me much further!

Script-1 (JWTToObject) creates an object from a valid JWT.
Script-2 (ObjectToJWT) contains Robert's fixes to localpub and localpriv.

Script-1:
ERROR #8897: No public key found for alg: RS256 (kid:)

Script-2:
ERROR #8896: No private key found for alg: RS256

So it seems to me as though its the node code that produces the private and public portions of the RSA key that's used in the localpub and localprov variables that's at fault?

Script-1.

s localpriv="{""keys"":[{""kty"":""RSA"",""use"":""sig"",""n"":""ALaMFdNTmzUu1wnMGNmsIkBMJUS4EdMAe2HXpQ-k4aDk94znJuCi9OJnJQU4lm4nqgEWdzMVVQMlqZ3ihlXx5vpFzmb4m4EkAcmK0ULVCLL9QRqvuwbOjeXW8pJlcH-EAQKnkMzF6GbtmmDubK46bx2GaQh8rLYAfLvoIwXfyrXIday2VdRNz_3yGzLoxr5QxcFml46479mY3xXwmTSMvVNHEN4F1xPnsLQoNPH3guA104dm8S-f2z_vczHBdSrgiJibesdOP3ugYlxJvDDT3WSf3WW7cjAn8M3vZmCNTPWe6JEewsc6cDBiFWn9UUomulFUV_uucTsV_NXMd8nQ_Hs"",""e"":""AQAB"",""d"":""WSQxKEAkg6T651LeM7VmCGXmsRb9xT7wAUhv1yLZ91q4M_tQtdN9p-1cW59VfjcqQlu5G53oJKBIosvSc7er5j0eXJQ8Q6TUppl-NJeZJuaa2zBDMUC-dCUx0SFt_Sb141j2Ubi3E0Ql5f2n3rC0QAO52KYhJMM6Jfxm1eCBuaB0STT9LE-APh0K_wDuyEOFJD52pVOKuUy_v_vDaK4ssfcz-Yq_V1R9H1reu2bHdgMKEYZhkM4d4faVa52pQJvu0M-sm892RYNh34szLLDaKHPmgZgTdtuppZmo0QYuUeFS2fy461GGfQh92dSIgl7H8Gyz6RC07PPwUTaIphLgcQ"",""p"":""APX_qgTRt5bzWb_Xch0hyMgHbMqjfKfavX6AbUv1-Yabn9_Q9XyFx3h7ymDAI2ilTmwjKpdi80izifuKFPV0z6EnLIbebdVGb3MeYBBRmBlx3pfSnx7RI9OAscRm_2xV0j21pP5mknj86VR4MHwmF4BeU-6U-TopwGYldnvyNuVD"",""q"":""AL34BdumlQCkSlr0-kq7E_NksOFTn8qf4tUKDMQFkVbC4oXD33qwAxUtPVfePYJ6XbAqCaB2oPO5ASNC4_-sTCav7Xk6s0xnG_clTGqXS8Xr8Gtwa9Z2oPvUrHFn6XEtnPAi54R-xxmqVSyIKLF5FMiKzmXRw9BWCHETO1bgdfxp"",""dp"":""ALRaLJw75Q2WfEZZ_h-9lSaRywEFu26UwDjujzMRs08s6Zl96XzR19xNZaJpO4yNJWHCpoc21IaImrEAGz2Z1l-gCNUYXg3vBeawbl2IdKqzAS7uDBrb2hhGUg5cNQeIJAt6EO0y5lAtnCOBuopKoxBKF97i-ZXa5mP9M1DL09Nh"",""dq"":""RGTGXyVjYd7EcmjesAcYkLmAwS8lSYM03HSI0g4bHHx_p580l2xFP9uQyVDXHmHF10XbP21WV0kVMsfDZGp45DjUq5_Jq8k3lUxVbc7Y1gIzBcts18LQBLq19wJtVnUQmphGeDpYnlHn5meDFxo7tFPdKWVTNW-0DFnbNFUNxXk"",""qi"":""AN40QpNLLrSHeiHJ_dLobYjX3TGs1BkdH2qu3lt6TlTtSBEjcwg0g_xxkieM-cPpfOCH0NTBfTZM9TTp4u4ncAbWlaw2Ny4VOKSk1AGVnqxzc3KPdvzng244cYq0YGu1UZyU8Oe8m4MrVyxLy0PD1gG3n6fx93o9QBDm2I2QGou1""}]}"
 
s localpub="{""keys"":[{""kty"":""RSA"",""use"":""sig"",""n"":""ALaMFdNTmzUu1wnMGNmsIkBMJUS4EdMAe2HXpQ-k4aDk94znJuCi9OJnJQU4lm4nqgEWdzMVVQMlqZ3ihlXx5vpFzmb4m4EkAcmK0ULVCLL9QRqvuwbOjeXW8pJlcH-EAQKnkMzF6GbtmmDubK46bx2GaQh8rLYAfLvoIwXfyrXIday2VdRNz_3yGzLoxr5QxcFml46479mY3xXwmTSMvVNHEN4F1xPnsLQoNPH3guA104dm8S-f2z_vczHBdSrgiJibesdOP3ugYlxJvDDT3WSf3WW7cjAn8M3vZmCNTPWe6JEewsc6cDBiFWn9UUomulFUV_uucTsV_NXMd8nQ_Hs"",""e"":""AQAB""}]}"
 
S JWT="eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6IlptTHktQndhUmFjVlBkdDF5Q0syWno1dWVpayJ9.eyJzdWIiOiJKV1RDbGllbnRDcmVkZW50aWFscyIsImp0aSI6IjNhNDk3YTk2LWNhNDgtNDVkNy1iMzRhLTMxZjVmOTNjODNmMyIsImlzcyI6IkpXVENsaWVudENyZWRlbnRpYWxzIiwiYXVkIjoiaHR0cHM6Ly9maGlyLmNhcmVldm9sdXRpb24uY29tL01hc3Rlci5BZGFwdGVyMS5XZWJDbGllbnQvaWRlbnRpdHlzZXJ2ZXIvY29ubmVjdC90b2tlbiIsImV4cCI6MTUxNjIyODcyMywibmJmIjoxNTE2MjIzMzIzfQ.hHnIXYvYdZ2p-WLuFQfeIQ9xfQqcdqzUh1_JT7s6T6yIpEE3JyBeBDKtLFKulFOoGU9cPiCrYGz0iwkmR2b3I_Q9KRSs1JvPjsZCeWQ9ocpKxK0WECqw4sYuvVVFxjer39BRp0YQLLcYgwST86KW_pPeV_ssLGX9G4iJNdy5JFsFO4w19HH_1MM8Aa_FUyimtawuMky9mfwtAzJ4GiP14FsfrafeRIAJsw693z_l9KhCNC-v8vJ_b4_iDREa3c6dCz5GEtANiv9phfzPUL2x7CHMHu-lENBvVNDtl0-Gt0HCD6RFf7NJeH7oYeKR2NpcCT93gCQhX32EMLr5eFJeBw"
 
K JOSE SET ST=##class(%OAuth2.JWT).JWTToObject(JWT,localpriv,localpub,.JOSE,.Body)
 
d $system.OBJ.DisplayError(ST)
 
ERROR #8897: No public key found for alg: RS256 (kid:).

Script-2.

KILL JOSE
S JOSE("sigalg")="RS256"

S A=+$H-47117 // (47117 = 01/01/1970)
// (60*60)*24 (total number of secs in a day)
S B=A*86400
S C=$P($HOROLOG,",",2)
S EPOCH=B+C
// add 4 minutes
S D=60*4
S EPOCH=EPOCH+D

set body=##class(%DynamicObject).%New()
do body.%Set("sub","JWTClientCredentials","string")
do body.%Set("jti","3a497a96-ca48-45d7-b34a-31f5f93c83f3","string")
do body.%Set("iss","JWTClientCredentials","string")
do body.%Set("aud","https://fhir.careevolution.com/Master.Adapter1.WebClient/identityserver/...","string")
do body.%Set("exp",EPOCH,"string")
do body.%Set("nbf",EPOCH,"string")

s localpriv="{""keys"":[{""kty"":""RSA"",""use"":""sig"",""n"":""ALaMFdNTmzUu1wnMGNmsIkBMJUS4EdMAe2HXpQ-k4aDk94znJuCi9OJnJQU4lm4nqgEWdzMVVQMlqZ3ihlXx5vpFzmb4m4EkAcmK0ULVCLL9QRqvuwbOjeXW8pJlcH-EAQKnkMzF6GbtmmDubK46bx2GaQh8rLYAfLvoIwXfyrXIday2VdRNz_3yGzLoxr5QxcFml46479mY3xXwmTSMvVNHEN4F1xPnsLQoNPH3guA104dm8S-f2z_vczHBdSrgiJibesdOP3ugYlxJvDDT3WSf3WW7cjAn8M3vZmCNTPWe6JEewsc6cDBiFWn9UUomulFUV_uucTsV_NXMd8nQ_Hs"",""e"":""AQAB"",""d"":""WSQxKEAkg6T651LeM7VmCGXmsRb9xT7wAUhv1yLZ91q4M_tQtdN9p-1cW59VfjcqQlu5G53oJKBIosvSc7er5j0eXJQ8Q6TUppl-NJeZJuaa2zBDMUC-dCUx0SFt_Sb141j2Ubi3E0Ql5f2n3rC0QAO52KYhJMM6Jfxm1eCBuaB0STT9LE-APh0K_wDuyEOFJD52pVOKuUy_v_vDaK4ssfcz-Yq_V1R9H1reu2bHdgMKEYZhkM4d4faVa52pQJvu0M-sm892RYNh34szLLDaKHPmgZgTdtuppZmo0QYuUeFS2fy461GGfQh92dSIgl7H8Gyz6RC07PPwUTaIphLgcQ"",""p"":""APX_qgTRt5bzWb_Xch0hyMgHbMqjfKfavX6AbUv1-Yabn9_Q9XyFx3h7ymDAI2ilTmwjKpdi80izifuKFPV0z6EnLIbebdVGb3MeYBBRmBlx3pfSnx7RI9OAscRm_2xV0j21pP5mknj86VR4MHwmF4BeU-6U-TopwGYldnvyNuVD"",""q"":""AL34BdumlQCkSlr0-kq7E_NksOFTn8qf4tUKDMQFkVbC4oXD33qwAxUtPVfePYJ6XbAqCaB2oPO5ASNC4_-sTCav7Xk6s0xnG_clTGqXS8Xr8Gtwa9Z2oPvUrHFn6XEtnPAi54R-xxmqVSyIKLF5FMiKzmXRw9BWCHETO1bgdfxp"",""dp"":""ALRaLJw75Q2WfEZZ_h-9lSaRywEFu26UwDjujzMRs08s6Zl96XzR19xNZaJpO4yNJWHCpoc21IaImrEAGz2Z1l-gCNUYXg3vBeawbl2IdKqzAS7uDBrb2hhGUg5cNQeIJAt6EO0y5lAtnCOBuopKoxBKF97i-ZXa5mP9M1DL09Nh"",""dq"":""RGTGXyVjYd7EcmjesAcYkLmAwS8lSYM03HSI0g4bHHx_p580l2xFP9uQyVDXHmHF10XbP21WV0kVMsfDZGp45DjUq5_Jq8k3lUxVbc7Y1gIzBcts18LQBLq19wJtVnUQmphGeDpYnlHn5meDFxo7tFPdKWVTNW-0DFnbNFUNxXk"",""qi"":""AN40QpNLLrSHeiHJ_dLobYjX3TGs1BkdH2qu3lt6TlTtSBEjcwg0g_xxkieM-cPpfOCH0NTBfTZM9TTp4u4ncAbWlaw2Ny4VOKSk1AGVnqxzc3KPdvzng244cYq0YGu1UZyU8Oe8m4MrVyxLy0PD1gG3n6fx93o9QBDm2I2QGou1""}]}
"

s localpub="{""keys"":[
{""kty"":""RSA"",""use"":""sig"",""n"":""ALaMFdNTmzUu1wnMGNmsIkBMJUS4EdMAe2HXpQ-k4aDk94znJuCi9OJnJQU4lm4nqgEWdzMVVQMlqZ3ihlXx5vpFzmb4m4EkAcmK0ULVCLL9QRqvuwbOjeXW8pJlcH-EAQKnkMzF6GbtmmDubK46bx2GaQh8rLYAfLvoIwXfyrXIday2VdRNz_3yGzLoxr5QxcFml46479mY3xXwmTSMvVNHEN4F1xPnsLQoNPH3guA104dm8S-f2z_vczHBdSrgiJibesdOP3ugYlxJvDDT3WSf3WW7cjAn8M3vZmCNTPWe6JEewsc6cDBiFWn9UUomulFUV_uucTsV_NXMd8nQ_Hs"",""e"":""AQAB""}]}"


SET ST=##class(%OAuth2.JWT).ObjectToJWT(.JOSE,.body,localpriv,localpub,.JWT)

d $system.OBJ.DisplayError(ST)

ERROR #8896: No private key found for alg: RS256.