
Implementing Epic on FHIR using PHP-JWT

<p>I'm trying to get a JWT token, but everything I try gives me an error every time. Here are the things I've tried. I do get the JWT token without the package, but when I check the signature verification using jwt.io it fails every time. While using this package I faced different errors like <em>Private key cannot be enforced</em> and sometimes <em>The algorithm is invalid</em>. Please correct me where I messed up. </p>
<ul> <li><strong>No php-jwt</strong></li> </ul>
<pre class="brush:php;toolbar:false;">$header = [
    'alg' => "RS384",
    'typ' => "JWT"
];
$payload = [
    'iss' => 'my-client-id',
    'sub' => 'my-client-id',
    'aud' => "https://fhir.epic.com/interconnect-fhir-oauth/oauth2/token",
    'jti' => (string)strtotime(gmdate("Y-m-d H:i:s")),
    'exp' => strtotime(gmdate("Y-m-d H:i:s")) + 270,
];
$privateKey = "my private Key";
$headers_encoded = $this->base64url_encode(json_encode($header));
$payload_encoded = $this->base64url_encode(json_encode($payload));
$signature = hash_hmac('sha384', $headers_encoded.'.'.$payload_encoded, $privateKey, true);
// Encode the signature as a base64url string
$signature_encoded = $this->base64url_encode($signature);
$jwt = $headers_encoded.'.'.$payload_encoded.'.'.$signature_encoded;</pre>
<p><strong>- using php-jwt</strong></p>
<ol> <li>The package is installed: <em>composer require firebase/php-jwt --ignore-platform-req=ext-mongodb</em></li> <li>Used the required files in my controller</li> </ol>
<pre class="brush:php;toolbar:false;">use Firebase\JWT\JWT;
use Firebase\JWT\Key;</pre>
<ol start="3"> <li>Try encoding: </li> </ol>
<pre class="brush:php;toolbar:false;">$check = JWT::encode(
    $header,
    $payload,
    $privateKey,
    'RS384'
);</pre>
<p>I get different errors like <em>Unable to enforce private key</em> and sometimes <em>Invalid algorithm</em>. Please correct me where I messed up.
</p>
<p>Simply put, this is what I am doing or trying to do. The general form of my code:</p>
<pre class="brush:php;toolbar:false;"><?php
// Load the private key from a file
$privateKey = file_get_contents('private.key');

// Set the header and payload for the JWT
$header = [
    'alg' => 'RS384',
    'typ' => 'JWT'
];
$payload = [
    'sub' => '1234567890',
    'name' => 'John Doe',
    'iat' => 1516239022
];

// Encode the header and payload as JSON strings
$headerEncoded = base64_encode(json_encode($header));
$payloadEncoded = base64_encode(json_encode($payload));

// Concatenate the header, payload, and secret to create the signature
$signature = hash_hmac('sha384', "$headerEncoded.$payloadEncoded", $privateKey, true);

// Encode the signature as a base64 string
$signatureEncoded = base64_encode($signature);

// Concatenate the header, payload, and signature to create the JWT
$jwt = "$headerEncoded.$payloadEncoded.$signatureEncoded";

echo $jwt;</pre>
<p>I do get the JWT signature, but on https://jwt.io/ it shows as unverified.</p>
P粉593649715, 510 days ago


  • P粉037215587

    P粉037215587 2023-08-31 14:09:36

    It has been fixed

    • Use this instead of hash_hmac():
    openssl_sign($data, $signature, $privateKey, OPENSSL_ALGO_SHA384);
    • If the key is stored in a PHP variable, make sure to set the key in the following format:
    $privateKey =  "-----BEGIN PRIVATE KEY-----\n".
    "MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQC7VJTUt9Us8cKj\n".
    "MzEfYyjiWA4R4/M2bS1GB4t7NXp98C3SC6dVMvDuictGeurT8jNbvJZHtCSuYEvu\n".
    .
    .
    .
    "TQrKhArgLXX4v3CddjfTRJkFWDbE/CkvKZNOrcf1nhaGCPspRJj2KUkj1Fhl9Cnc\n".
    "dn/RsYEONbwQSjIfMPkvxF+8HQ==\n".
    "-----END PRIVATE KEY-----";

    Enclose each line in double quotes "", and add \n at the end of each line.

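The fix from the answer as a self-contained sketch, added here and not part of the original thread: it signs the question's claims with RS384 through `openssl_sign`, verifies the result with the public key, and runs the `hash_hmac` variant through the same check for comparison. The function names, the throwaway key pair generated at run time and the random `jti` are assumptions made for illustration.

```php
<?php
// Added example; key pair and claim values are constructed for the demo.
function b64url(string $bin): string
{
    // JWT segments are unpadded base64url (RFC 7515), not plain base64.
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

function b64url_decode(string $txt): string
{
    $pad = (4 - strlen($txt) % 4) % 4;
    return (string) base64_decode(strtr($txt, '-_', '+/') . str_repeat('=', $pad));
}

function sign_rs384(array $claims, string $privatePem): string
{
    $input = b64url(json_encode(['alg' => 'RS384', 'typ' => 'JWT'])) . '.' . b64url(json_encode($claims));
    // RSA PKCS#1 v1.5 over SHA-384; hash_hmac() would produce an HS384 MAC.
    if (!openssl_sign($input, $sig, $privatePem, OPENSSL_ALGO_SHA384)) {
        throw new RuntimeException('openssl_sign failed: ' . openssl_error_string());
    }
    return $input . '.' . b64url($sig);
}

function verify_rs384(string $jwt, string $publicPem): bool
{
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) {
        return false;
    }
    $header = json_decode(b64url_decode($parts[0]), true);
    if (!is_array($header) || ($header['alg'] ?? null) !== 'RS384') {
        return false; // pin the algorithm rather than trusting the token
    }
    return openssl_verify("$parts[0].$parts[1]", b64url_decode($parts[2]), $publicPem, OPENSSL_ALGO_SHA384) === 1;
}

// Throwaway key pair generated for this run only.
$key = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
openssl_pkey_export($key, $privatePem);
$publicPem = openssl_pkey_get_details($key)['key'];
$claims = ['iss' => 'my-client-id', 'sub' => 'my-client-id',
           'aud' => 'https://fhir.epic.com/interconnect-fhir-oauth/oauth2/token',
           'jti' => bin2hex(random_bytes(16)), 'exp' => time() + 270];
$good = sign_rs384($claims, $privatePem);
// The question's variant: same segments, but an HMAC keyed with the PEM text.
[$h, $p] = explode('.', $good);
$bad = "$h.$p." . b64url(hash_hmac('sha384', "$h.$p", $privatePem, true));
var_dump(verify_rs384($good, $publicPem), verify_rs384($bad, $publicPem));
```

With firebase/php-jwt the equivalent call is `JWT::encode($payload, $privateKey, 'RS384')`; the library builds the header itself, so the header array is not passed as the first argument.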