Self-service signed JWT public key setup is already live for self-hosted public keys. For guidance, see Application-restricted RESTful APIs - signed JWT authentication.
We are also working on making setup self-service for public keys hosted by us.
@mick.schonhut1 who do I need to contact to host my public key? I am new to API Management. Your reply would be appreciated.
Hey @ayo.odunsi1, check out our Contact us page for details on who to contact for this.
I think the Python example needs updating on here. I had to use the cryptography package to get it working.
Thanks for letting us know, James.
Was that the Python example in Step 4?
What was the specific problem you found with the code snippet we provided?
Yes it is that one.
If you use a passphrase for the key pair generated in Step 2, the jwt package by itself won’t be able to access the key file.
I ended up using:
```python
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives.serialization import load_pem_private_key
```
Like this:
```python
import uuid
from time import time

import jwt  # PyJWT

# private_key_file, private_key_passphrase, api_key and kid are set earlier.

# Read the private key file.
with open(private_key_file, "r") as f:
    private_key = f.read()

# Load the key, decrypting it with the passphrase.
rsa_key = load_pem_private_key(
    private_key.encode('utf-8'),
    password=private_key_passphrase.encode('utf-8'),
    backend=default_backend())

# Create the JWT claims
claims = {
    "sub": api_key,
    "iss": api_key,
    "jti": str(uuid.uuid4()),
    "aud": "https://int.api.service.nhs.uk/oauth2/token",
    "exp": int(time()) + 300,  # 5 minutes in the future
}

# Create additional header
additional_headers = {"kid": kid}

# Sign the JWT with the loaded RSA key.
j = jwt.encode(
    claims,
    rsa_key,
    algorithm="RS512",
    headers=additional_headers
)
```
Happy to hear if there’s a better way!