Stream: smart
Topic: SMART App Launch JWT Signing
John Josef (Jan 20 2022 at 16:42):
Is there a way to verify a JWT generated by the SMART App Launcher? I am trying to find if there is a .well-known endpoint for JWKS so I can validate it since there doesn't seem to be any documentation around this I can find. Any help is appreciated.
adam strickland (Jan 20 2022 at 16:44):
If you grab the smart-configuration document for the launcher, there should be a jwks_uri pointing at a key set for this. Note that you should really only be verifying openid connect id tokens, since other tokens (launch, access for instance) are not necessarily JWTs for all servers.
John Josef (Jan 20 2022 at 16:46):
Thanks @adam strickland !
John Josef (Jan 20 2022 at 16:47):
We're just trying to get a proof of concept, we're aware there are other authentication methods
John Josef (Jan 20 2022 at 16:47):
I found the one I was looking for: https://launch.smarthealthit.org/v/r2/fhir/.well-known/openid-configuration/
Last updated: Apr 12 2022 at 19:14 UTC
