Stream: smart/health-cards
Topic: DEFLATE is not JSON
Angus Millar (May 11 2021 at 01:53):
Hi Guys, I've been trying to generate a SMART Health Card JWT using .net and have struggled with the requirement that the payload is compressed with DEFLATE. I'm no expert at JWT but my reading leads me to believe that a JWT payload must be JSON and not compressed JSON. Of course, I do understand why compression is desired but do the specifications for JWT allow this? If I read RCF 7519 section 7.2 Validating a JWT, it says in point 10 "Verify that the resulting octet sequence is a UTF-8-encoded representation of a completely valid JSON object conforming to RFC 7159 [RFC7159]; let the JWT Claims Set be this JSON object" I'm also lead to the very same reference if I paste one of the examples from the https://smarthealth.cards/ into the site https://jwt.io/. Can someone help me understand what I am missing here? Is it possible that I struggle with the standard .net classes for JWT generation due to this point?
Stephen MacVicar (May 11 2021 at 13:56):
I went through the same thing. A SMART Health Card is a JWS, not a JWT. A JWT has a JSON payload, but a JWS can have an arbitrary payload. Since it's not a JWT, jwt.io isn't very helpful, and you'll need to be sure that you are using a JWS library rather than a JWT library.
Josh Mandel (May 11 2021 at 18:04):
Indeed -- https://github.com/smart-on-fhir/health-cards/issues/128#issuecomment-826854186 has some additional details and background on this point.
Josh Mandel (May 11 2021 at 18:04):
Let us know if you're having trouble finding libraries that work with JWS, once you get to this stage; we'd like to have good library references/recommendations for common languages.
Angus Millar (May 11 2021 at 22:23):
Ok, thankyou @Stephen MacVicar and @Josh Mandel , I will keep digging
Last updated: Apr 12 2022 at 19:14 UTC
