Question
· Oct 16

JWT Signature Creation for OAuth Call

Working on a project where I need to make FHIR calls from my HealthConnect Interop production to Epic.

My issue is that I'm not able to construct a valid JWT for the OAuth token retrieval that Epic will accept. In the code below I'm able to create a valid header and payload, which I base64URL encode and then try to sign with my .pem private key file. However, Epic is not liking the signature portion of my JWT.

As such, I wanted to present my code to see if I'm performing the signature steps correctly. I've seen some posts where the %Net.JSON JWT-specific classes were used to generate the token, but I am thinking this method should work too?

Any thoughts on this issue, or insight from other folks who have made OAuth calls from HealthConnect to Epic before, would be greatly appreciated! 


ClassMethod CreateJWT(pHostIn As %String) As %String
{
    // Set the header using the message class I created.
    Set Header = ##class(Epic.Utils.JWTHeader).%New()
    Set Header.alg = "RS384"
    Set Header.typ = "JWT"

    // Set the Epic payload values using the message class I created.
    Set Payload = ##class(Epic.Utils.JWTPayload).%New()
    Set Payload.iss = "<Client ID>"
    Set Payload.sub = "<Client ID>"
    Set Payload.aud = pHostIn
    Set Payload.jti = $SYSTEM.Util.CreateGUID()
    Set Payload.exp = ##class(%Library.UTC).SecondsSinceUnixEpoch($ztimestamp)+3500

    // Convert the header and payload JSON to strings.
    Do Header.%JSONExportToString(.HeaderString)
    Do Payload.%JSONExportToString(.PayloadString)

    // Base64URL encode the header and payload and join them with a period.
    Set PayloadToSign = $$$BASE64URLENCODE(HeaderString)_"."_$$$BASE64URLENCODE(PayloadString)

    // Open the private key PEM file to be used for the RSA signature.
    Set File = ##class(%Stream.FileBinary).%New()
    Set File.Filename = "/PrivateKey.pem"
    Set PVKey = File.Read($$$MaxLocalLength)

    // Sign the concatenated header and payload (RSA with SHA-384) using the PVKey from the file.
    Set RSASig = ##class(%SYSTEM.Encryption).RSASHASign(384,PayloadToSign,PVKey)

    // Base64URL encode the returned RSA signature.
    Set Signature = $$$BASE64URLENCODE(RSASig)

    // Append the Base64URL encoded signature to the header/payload string.
    Set JWT = PayloadToSign_"."_Signature

    // Return the fully constructed JWT (a string, not a JWTHeader object) for the token call.
    Quit JWT
}

Product version: IRIS 2024.1
$ZV: IRIS for UNIX (Red Hat Enterprise Linux 8 for x86-64) 2024.1 (Build 264_1U) Thu Apr 4 2024 14:54:11 EDT [HealthConnect:7.2.0-1.r1]
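As an added reference implementation, not code from the post or from InterSystems: the same RS384 steps in Go using only the standard library, plus a local verify that replays what the token endpoint does, so a token that fails against your own public key points at the signing step rather than at the Epic registration. The function names are mine, the RSA key is generated in memory as a constructed stand-in for the PEM file, and the claim values are placeholders.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha512"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

type Claims struct {
	Iss string `json:"iss"`
	Sub string `json:"sub"`
	Aud string `json:"aud"`
	Jti string `json:"jti"`
	Exp int64  `json:"exp"` // integer: exp must be a JSON number, not a quoted string
}

// enc is JWT base64url (RFC 7515 section 2): URL-safe alphabet, no '=' padding.
var enc = base64.RawURLEncoding

// SignRS384 signs base64url(header).base64url(payload) with RSASSA-PKCS1-v1_5 over SHA-384 (alg RS384).
func SignRS384(c Claims, key *rsa.PrivateKey) (string, error) {
	hdr, _ := json.Marshal(map[string]string{"alg": "RS384", "typ": "JWT"}) // keys sort: {"alg":..,"typ":..}
	body, _ := json.Marshal(c)                                               // strings and an int64 cannot fail
	signingInput := enc.EncodeToString(hdr) + "." + enc.EncodeToString(body)
	digest := sha512.Sum384([]byte(signingInput))
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA384, digest[:])
	if err != nil {
		return "", err
	}
	return signingInput + "." + enc.EncodeToString(sig), nil
}

// VerifyRS384 repeats the token endpoint's check locally: re-hash the first two segments, verify the third.
func VerifyRS384(token string, pub *rsa.PublicKey) error {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return fmt.Errorf("expected 3 segments, got %d", len(parts))
	}
	sig, err := enc.DecodeString(parts[2])
	if err != nil {
		return fmt.Errorf("signature is not unpadded base64url: %w", err)
	}
	digest := sha512.Sum384([]byte(parts[0] + "." + parts[1]))
	return rsa.VerifyPKCS1v15(pub, crypto.SHA384, digest[:], sig)
}
```

Points to compare against the ObjectScript: the signing input is exactly the ASCII string header.payload with no padding characters, and the signature is PKCS#1 v1.5 over the SHA-384 of that string, then base64url encoded the same way.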