FHIR Chat · registering a client at test.fhir.org · bulk data

Stream: bulk data

Topic: registering a client at test.fhir.org


Josh Mandel (Jan 28 2018 at 15:12):

@Grahame Grieve where/how can someone register a backend services client for https://test.fhir.org/

Grahame Grieve (Jan 28 2018 at 15:14):

you can do it one of 2 ways:
- log in in your browser through https://test.fhir.org/r3 and then choose 'register a client'
- use the dynamic registration endpoint at https://test.fhir.org/auth/register

Josh Mandel (Jan 28 2018 at 15:15):

For #1, I don't see "register a client"

Josh Mandel (Jan 28 2018 at 15:16):

Is there something funny happening @Grahame Grieve ?

Grahame Grieve (Jan 28 2018 at 15:16):

did you go through oauth login first?

Grahame Grieve (Jan 28 2018 at 15:16):

there's always something funny happening

Josh Mandel (Jan 28 2018 at 15:16):

I tried with and without.

Grahame Grieve (Jan 28 2018 at 15:17):

"You can also Register a client"

Josh Mandel (Jan 28 2018 at 15:34):

For my public key, I think I can't paste in a PEM-formatted public key directly? But if I put it in a JWKS, is it a whole set as in https://tools.ietf.org/html/rfc7517#appendix-A.1 or a single JWK? Which properties on the JWK are supported? e.g. bare values, or x5c, or x5u?

Grahame Grieve (Jan 28 2018 at 15:35):

no PEM - either DER or JWKS. If JWKS - I expect a whole set format-wise, but you only need the actual key

Grahame Grieve (Jan 28 2018 at 15:35):

I expect the following properties:

Josh Mandel (Jan 28 2018 at 15:35):

But can I provide the key in an x5c property?

Grahame Grieve (Jan 28 2018 at 15:38):

I'm looking

Grahame Grieve (Jan 28 2018 at 15:38):

I think it's e d p

Josh Mandel (Jan 28 2018 at 17:19):

OK -- now I've registered a client and I'm seeing, when I submit an access token request with the following JWT:

eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzUxMiJ9.eyJpc3MiOiJodHRwczovL2J1bGstZGF0YS1sb2FkZXIuc21hcnRoZWFsdGhpdC5vcmciLCJzdWIiOiJjLjIiLCJhdWQiOiJodHRwczovL3Rlc3QuZmhpci5vcmcvYXV0aDMvdG9rZW4iLCJleHAiOjE1MTc1OTE3ODMuMCwianRpIjoiM2FkZjBjYjZhM2Y4YmU4Y2FiMGUxNGExZDJiNjQxZTllZTRhNzk1OTg3ZGRiNzdkZDcxMDRmOWUxY2Y2NWU0NiJ9.HcDF5ST1uHueXOOei2CUq7d6CyGsTBsZlAvm4Mw0INsYKOAPuP77293yP4G7xPWEuEvxzuQILRalItyjlEqw1EUIBvJccHOcEW-XxuL9XBqsyRx3_U2nB3OLg9NSvqEb4U7U2YpCe6RXKkvAhXnp79ybJ1R1Y99aBFabP37mVQgR-APUphP8Jifr1tG1kYe4mm9SIbSPFlbM6BNKyGTvMoxvLWBd0BmAb-9nQ49NgKsgkNVd2CH90ymTL4H0dElFPRQdEBqZnWIm7v6JrGtw-La6yFEccyfmDsJgF2viSxTlWgv56OrISqRg11MzTiy6UHaJ1LQGRxEtRl_8WHC06g

I get the following error from https://test.fhir.org/auth3/token:

{'error': 'invalid_request', 'error_description': 'JWT expiry is too old'}

... but the JWT above expires in February! The token's header (decoded) is:

{
  "typ": "JWT",
  "alg": "RS512"
}

And the token's payload (decoded) is:

{
  "iss": "https://bulk-data-loader.smarthealthit.org",
  "sub": "c.2",
  "aud": "https://test.fhir.org/auth3/token",
  "exp": 1517591783,
  "jti": "3adf0cb6a3f8be8cab0e14a1d2b641e9ee4a795987ddb77dd7104f9e1cf65e46"
}

Grahame Grieve (Jan 28 2018 at 17:23):

I'll look into it

Grahame Grieve (Jan 28 2018 at 17:32):

I've added more information to the error - working on the upgrade now

Josh Mandel (Jan 28 2018 at 17:48):

Thanks!

Grahame Grieve (Jan 28 2018 at 17:57):

try again

Josh Mandel (Jan 28 2018 at 18:09):

Got access token {'error': 'invalid_request', 'error_description': 'JWT expiry (1/1/1970) is too old'}

Grahame Grieve (Jan 28 2018 at 18:12):

hmm.

Grahame Grieve (Jan 28 2018 at 18:12):

so you are populating "exp"?

Grahame Grieve (Jan 28 2018 at 18:12):

what with?

Josh Mandel (Jan 28 2018 at 18:15):

I shared a complete payload above.

Josh Mandel (Jan 28 2018 at 18:15):

You can see the token, the decoded header, and the decoded payload.

Grahame Grieve (Jan 28 2018 at 18:15):

k sorry.

Jenni Syed (Jan 28 2018 at 18:19):

jwt.io thinks the token above may fail a few JWT libraries, though I haven't dug into it much @Josh Mandel

Jenni Syed (Jan 28 2018 at 18:19):

actually, I think I'm misreading what it is trying to represent :)

Josh Mandel (Jan 28 2018 at 18:20):

Yeah, I pasted it into jwt.io to debug and it looked OK to me :-)

Josh Mandel (Jan 28 2018 at 18:20):

I may be doing something silly though.

Grahame Grieve (Jan 28 2018 at 18:20):

so the exp value I'm seeing is 0. I'm trying to figure out why

Josh Mandel (Jan 28 2018 at 18:20):

Oh, Grahame: I see something silly

Josh Mandel (Jan 28 2018 at 18:21):

maybe unrelated, but I'm doing RS512 signatures

Grahame Grieve (Jan 28 2018 at 18:21):

that should be ok for me

Josh Mandel (Jan 28 2018 at 18:21):

I should be doing RS256 per the SMART spec though, so I'll fix that at least. But good to know you support both!


Last updated: Apr 12 2022 at 19:14 UTC