Authentication problem with PDS app

Hi there.

I have an app which uses the Personal Demographics Service as follows:

  • App ID is 3a48b0c6-0735-4535-b164-01f143025118
  • Application-Restricted (Integration Testing) API is connected
  • Public/private keys generated as per the instructions here
  • Public key hosted by the NHS

But when I try to authenticate, I get a 401 error:

Invalid 'kid' header in client_assertion JWT - no matching public key

I’ve checked that the KID is correct, the JWT is valid and the public/private keys are verified (both checked using Any idea what the problem might be?



Have you added the public key url and uploaded a json format of public key to the application?

Also can you confirm the key pair was generated as RS512 algorithm.



Hi Damon. Yes to all these:

  • Public/private keys were generated using openssl according to the instructions I linked to above, which (I assume) use RS512

  • Public key is uploaded to the ‘Public key URL’ part of the Security Details, and can be seen here


Problem is resolved. It turns out there was a subtle error in my setup (tiny typo in the KID name used for local testing). I thought there must be somewhere, but just missed it.