User bio
404 bio not found
Member since Feb 13, 2025
Posts:
show all 2
Replies:
show all 11
Kevin Mayfield · Jan 13

Many thanks for posting. 

I'm getting 401 errors when I try a OAuth2 connection but this works fine using Basic Auth. 
The token appears to be fine and works with OAuth2 introspection endpoints.
 
Did you need to change anything in System->Security Management->Web Applications
I suspect I need to change my application to use JWT Authentication 
(my attempts on this, result in 404 Not Found)

Kevin Mayfield · Dec 18, 2025

Thanks for posting this. Have amended as follows to make use of %Net.JSON.JWT

Method GetJWT(KID, apiKey) As %String
{

    #Dim sigJOSE As %DynamicObject
    #Dim encJOSE As %DynamicObject
    #Dim claims As %DynamicObject


    s tPrivateKey=$G(^JWT(KID,"private"))
    
    set iat = ##class(%OAuth2.Utils).TimeInSeconds($ztimestamp,0)
    set exp = ##class(%OAuth2.Utils).TimeInSeconds($ztimestamp,300)
    s uuid = ##class(%SYSTEM.Util).CreateGUID()
  
    set tClaims = {
        "sub": (apiKey),
        "iss": (apiKey),
        "jti": (uuid),
        "aud": "https://int.api.service.nhs.uk/oauth2/token",
        "exp": (exp)
        }

    Set JOSE = {
        "alg": "RS512",
        "kid": (KID),
        "typ": "JWT"
    }
    
    Set tX509=##class(%SYS.X509Credentials).%New()
    Do tX509.PrivateKeySet(tPrivateKey)
    Set tStatus=##class(%OAuth2.JWKS).AddX509("RS512",tX509,.tPrivate)
    Set arr=##class(%DynamicAbstractObject).%FromJSON(tPrivate)
    Set iter=arr.%GetIterator()
    Set newprivate={}
    ///Need to set KID at same index with other keys so re-creating new 
    While iter.%GetNext(.key,.value) {
            Set newprivate.kty=value.keys.kty
            Set newprivate.n=value.keys.n
            Set newprivate.e=value.keys.e
            Set newprivate.d=value.keys.d
            Set newprivate.p=value.keys.p
            Set newprivate.q=value.keys.q
            Set newprivate.dp=value.keys.dp
            Set newprivate.dq=value.keys.dq
            Set newprivate.qi=value.keys.qi
            Set newprivate.alg=value.keys.alg
            Set newprivate.kid=KID
    }
    Set JWKSPrivate={"keys":[]}
    Do JWKSPrivate.keys.%Push(newprivate)
   
    s tSC=##class(%Net.JSON.JWT).Create(.JOSE,,tClaims,JWKSPrivate,,.JWT)
    if $$$ISERR(tSC) {
        q tSC
    }
    q JWT
}
Certifications & Credly badges:
Kevin has no Certifications & Credly badges yet.
Global Masters badges:
Kevin has no Global Masters badges yet.
Followers:
Kevin has no followers yet.
Following:
Kevin has not followed anybody yet.