Hi there.
I have an app which uses the Personal Demographics Service as follows:
- App ID is 3a48b0c6-0735-4535-b164-01f143025118
- Application-Restricted (Integration Testing) API is connected
- Public/private keys generated as per the instructions here
- Public key hosted by the NHS
But when I try to authenticate, I get a 401 error:
Invalid 'kid' header in client_assertion JWT - no matching public key
I’ve checked that the KID is correct, the JWT is valid and the public/private keys are verified (both checked using https://jwt.io). Any idea what the problem might be?
Glenn
Glenn,
Have you added the public key URL and uploaded a JSON format of the public key to the application?
Also, can you confirm the key pair was generated with the RS512 algorithm?
Regards
Damon
Hi Damon. Yes to all these:
- Public/private keys were generated using openssl according to the instructions I linked to above, which (I assume) use RS512
- Public key is uploaded to the ‘Public key URL’ part of the Security Details, and can be seen here
Glenn
Problem is resolved. It turns out there was a subtle error in my setup (tiny typo in the KID name used for local testing). I thought there must be somewhere, but just missed it.
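
Added example, not written by anyone in this thread and not NHS code: a local check for the mismatch described above, comparing the `kid` and `alg` in a client_assertion JWT header against the keys in a JWKS document and flagging near-miss key IDs. The `check_kid` helper, the sample JWKS and the key IDs are constructed for illustration.

```python
import base64
import difflib
import json


def b64url_decode(segment: str) -> bytes:
    """Decode a base64url JWT segment, restoring the stripped padding."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def check_kid(jwt: str, jwks: dict, expected_alg: str = "RS512") -> dict:
    """Compare the JWT header's kid/alg with the keys published in a JWKS."""
    header = json.loads(b64url_decode(jwt.split(".")[0]))
    kid = header.get("kid")
    published = [k["kid"] for k in jwks.get("keys", []) if k.get("kid")]
    result = {
        "kid": kid,
        "kid_matches": kid in published,  # exact, case-sensitive match
        "alg_ok": header.get("alg") == expected_alg,
        "near_misses": [],
    }
    if kid and not result["kid_matches"]:
        # A typo usually leaves the kid close to one that is published.
        result["near_misses"] = difflib.get_close_matches(
            kid, published, n=3, cutoff=0.6)
    return result


def make_sample_jwt(kid: str) -> str:
    """Build a constructed token with a dummy signature (header check only)."""
    header = {"alg": "RS512", "typ": "JWT", "kid": kid}
    claims = {"sub": "constructed-client"}
    parts = [b64url_encode(json.dumps(p).encode()) for p in (header, claims)]
    return ".".join(parts + [b64url_encode(b"dummy-signature")])


# Constructed sample data: one published key, one good and one mistyped kid.
SAMPLE_JWKS = {"keys": [{"kty": "RSA", "use": "sig", "alg": "RS512",
                         "kid": "test-1", "n": "constructed", "e": "AQAB"}]}
GOOD_JWT = make_sample_jwt("test-1")
TYPO_JWT = make_sample_jwt("test-l")  # lowercase L instead of the digit 1

if __name__ == "__main__":
    for name, token in (("good", GOOD_JWT), ("typo", TYPO_JWT)):
        print(name, check_kid(token, SAMPLE_JWKS))
```

The check reads only the unverified header, so it is a configuration aid and says nothing about whether the signature is valid.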