· Jan 18, 2021

JSON Web Token Authorisation and Bearer Tokens


I am very much a newbe on the subject of JWT, so please except my ignorance.

The Trust I am currently working for wish to create a framework whereby they can create REST API Services, within HealthConnect, and grant access to these using JSON Web Token Authorisation and Bearer Tokens. This would be similar to the way the Trust currently connects to other REST API's, i.e.: DocMan Connect and GOV.UK Notify.

Can anyone offer any advice / sample code and / or point me into the direct of suitable documentation to achieve this?

Also, any advice on how to set-up and use OAuth and OpenID Connect would be very useful.


Thank you in advance.

Product version: HealthShare 2020.1
Discussion (4)3
Log in or sign up to continue

We have two Open Source products that will look after JWTs for you in the ways you are asking about (ie REST services with IRIS):

- QEWD, if you want to implement everything at the back-end in Node.js / JavaScript

- mgweb-server if you want to use ObjectScript logic for your back-end logic

For QEWD and IRIS, see:

In particular for REST services, see:

and specifically this section:

For mgweb-server, see:

specifically using with IRIS:

and within that document, this section on JWTs: