FHIR Chat · Backend services authentication · bulk data

Stream: bulk data

Topic: Backend services authentication


Sumanth Bandaru (Jan 14 2021 at 15:51):

Hello everyone,

Has anyone implemented SMART backend services authentication (client credential grant flow with JWT) using IdentityServer3 (.NET)?

Michele Mottini (Jan 14 2021 at 15:52):

We did - but only using RS256

Chuck Feltner (Jan 14 2021 at 16:18):

We have as well.

Sumanth Bandaru (Jan 14 2021 at 16:36):

Thanks for the response, Michele and Chuck. I have a few questions regarding the implementation. Do you mind if we have a private conversation?

Michele Mottini (Jan 14 2021 at 16:36):

Ask here please

Mike Ross (Jan 14 2021 at 17:10):

Yes. Please ask here so we can all learn.

Sumanth Bandaru (Jan 14 2021 at 17:43):

Sure. I have a question on how we can inject middleware into ID3 that can understand and parse the JWT client assertion from the request body. Is there any link that you can provide which will be helpful for this scenario?

Michele Mottini (Jan 14 2021 at 19:45):

When you create the client (Core.Model.Client) you have to set the ClientSecrets with the list of certificates to be used to verify the JWT signature:

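    // Register the client's public certificate (X509ContentType.Cert exports
    // no private key), base64-encoded, as the secret used to verify the JWT signature.
    client.ClientSecrets.Add( new Secret
    {
        Value = Convert.ToBase64String( cert.Export( X509ContentType.Cert ) ),
        Type = Constants.SecretTypes.X509CertificateBase64,
    } );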

Michele Mottini (Jan 14 2021 at 19:46):

IdentityServer takes care of the parsing and validation based on those certificates

Sumanth Bandaru (Jan 14 2021 at 20:52):

Thanks Michele. I appreciate it.

Sumanth Bandaru (Jan 14 2021 at 22:37):

Hi Michele,
I used the code you sent. Looks like Id3 has a limitation on the Value column in the ClientSecrets table. The maximum value is defined as nvarchar(250) and the value I am getting from the certificate is more than 250 characters. Did you change this limitation in your server?

Michele Mottini (Jan 14 2021 at 23:17):

We use a custom client store and we actually read the certificate from the Windows certificate store

Michele Mottini (Jan 14 2021 at 23:18):

I assume it is not a problem to increase the size of that column

Sumanth Bandaru (Jan 14 2021 at 23:31):

Yeah. I will need to do that and see if that works. Thanks.


Last updated: Apr 12 2022 at 19:14 UTC