Implementing Epic on FHIR using PHP-JWT
<p>I'm trying to get a jwt token but everything I try gives me an error every time. Here are the things I've tried. I do get the jwt-token without the package, but when I check the signature verification using jwt.io it fails every time. While using this package I faced different errors like <em>Private key cannot be enforced</em> and sometimes <em>The algorithm is invalid</em>. Please correct me where I messed up. </p>
<ul>
<li><strong>No php-Jwt</strong></li>
</ul>
<pre class="brush:php;toolbar:false;">$header = [
'alg' => "RS384",
'typ' => "JWT"
];
$payload = [
'iss' => 'my-client-id',
'sub' => 'my-client-id',
'aud' => "https://fhir.epic.com/interconnect-fhir-oauth/oauth2/token",
'jti' => (string)strtotime(gmdate("Y-m-d H:i:s")),
'exp' => strtotime(gmdate("Y-m-d H:i:s")) 270,
];
$privateKey = "my private Key"
$headers_encoded = $this->base64url_encode(json_encode($header));
$payload_encoded = $this->base64url_encode(json_encode($payload));
$signature = hash_hmac('sha384', $headers_encoded.'.'.$payload_encoded, $privateKey, true);
// Encode the signature as a base64url string
$signature_encoded = $this->base64url_encode($signature);
$jwt = $headers_encoded.'.'.$payload_encoded.'.'.$signature_encoded;</pre>
<p><strong>- using php-jwt</strong></p>
<ol>
<li>The package is installed
<em>Composer requires firebase/php-jwt --ignore-platform-req=ext-mongodb</em></li>
<li>Used the required files in my controller</li>
</ol>
<pre class="brush:php;toolbar:false;">use Firebase\JWT\JWT;
use Firebase\JWT\Key;</pre>
<ol start="3">
<li>Try encoding: </li>
</ol>
<pre class="brush:php;toolbar:false;">$check = JWT::encode(
$header,
$payload,
$privateKey,
'RS384'
);</pre>
<p>I get different errors like <em>Unable to enforce private key</em> and sometimes <em>Invalid algorithm</em>. Please correct me where I messed up. </p>
<p>Simply put, this is what I am doing or trying to do.我的代码的通用形式:</p>
<pre class="brush:php;toolbar:false;"><?php
// Load the private key from a file
$privateKey = file_get_contents('private.key');
// Set the header and payload for the JWT
$header = [
'alg' => 'RS384',
'typ' => 'JWT'
];
$payload = [
'sub' => '1234567890',
'name' => 'John Doe',
'iat' => 1516239022
];
// Encode the header and payload as JSON strings
$headerEncoded = base64_encode(json_encode($header));
$payloadEncoded = base64_encode(json_encode($payload));
// Concatenate the header, payload, and secret to create the signature
$signature = hash_hmac('sha384', "$headerEncoded.$payloadEncoded", $privateKey, true);
// Encode the signature as a base64 string
$signatureEncoded = base64_encode($signature);
// Concatenate the header, payload, and signature to create the JWT
$jwt = "$headerEncoded.$payloadEncoded.$signatureEncoded";
echo $jwt;</pre>
<p>我确实得到了 jwt 签名,但在 https://jwt.io/ 上它显示未经验证。</p>