I'm having issues trying to verify my token for PDS FHIR

Hi Community!
We had the following question raised via email:

I’m trying to connect to https://int.api.service.nhs.uk/oauth2/token to get an authorisation token to then connect to the PDS API.
Token for use in Personal Demographics Service - FHIR API
Using the integration environment
Full request:
Full response:

{
  "error": "public_key error",
  "error_description": "JWT signature verification failed",
  "message_id": "rrt-2988346794993847258-b-geu2-24713-96323-1"
}

I have been able to verify my signature on jwt.io website with the public key I uploaded and you host for me.
Can you explain why my signature can't be verified on your end?
Thanks in advance.

Our support team has advised:
You need to check your private/public keys match and are valid.
It tends to be that their jwks url is a valid jwks url, has a kid that matches but the public/private keys don’t match.
They should check their set up. Are they using the right private key that matches the ones on their url?

Hi Haroon, I had similar problems, but understandably it's hard to debug these on both sides when things go wrong.
Some things to check:
Are you signing with the right algorithm? sha512 not sha256
Is your signature a string “encodedHeader.encodedPayload” not encodedHeader.encodedPayload
Can you verify on jwt.io using only your public key?
Best of luck, I got it working recently after some trial and error my side.


Thanks for taking the time to provide your insight James, that’s very helpful!

Hello, I have the same issue right now.

Can you please let me know how to check whether the private and public keys are mismatched? I created the keys by using jwt.io and following the instructions in steps 3 and 4.

Hi, sorry again. It worked after correcting a few minor mistakes.
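
One way to run the check the support team describes, as an added example that is not part of the original thread and is not NHS code: verify the signed JWT locally using only the key published in the JWKS under its kid, and report which step fails. The kid `test-1`, the claim values and the toy keys built from Mersenne primes are constructed for illustration; RS512 follows the reply above.

```python
import base64, hashlib, json

SHA512_PREFIX = bytes.fromhex("3051300d060960864801650304020305000440")  # DigestInfo, RFC 8017

def b64u(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()
def unb64u(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))
def to_bytes(value):
    return value.to_bytes((value.bit_length() + 7) // 8, "big")

def encoded_message(signing_input, size):
    """EMSA-PKCS1-v1_5 encoding of SHA-512(signing_input), as an integer."""
    digest_info = SHA512_PREFIX + hashlib.sha512(signing_input).digest()
    padded = b"\x00\x01" + b"\xff" * (size - len(digest_info) - 3) + b"\x00" + digest_info
    return int.from_bytes(padded, "big")

def sign_rs512(claims, kid, n, d):
    """Build a signed JWT; the signature covers the string 'header.payload'."""
    header = {"alg": "RS512", "typ": "JWT", "kid": kid}
    signing_input = ".".join(b64u(json.dumps(part).encode()) for part in (header, claims))
    size = len(to_bytes(n))
    sig = pow(encoded_message(signing_input.encode(), size), d, n)
    return signing_input + "." + b64u(sig.to_bytes(size, "big"))

def diagnose(token, jwks):
    """Verify a JWT using only the published JWKS and say which step fails."""
    head, body, sig = token.split(".")
    header = json.loads(unb64u(head))
    if header.get("alg") != "RS512":
        return "alg is not RS512"
    jwk = next((k for k in jwks["keys"] if k.get("kid") == header.get("kid")), None)
    if jwk is None:
        return "kid not in JWKS"
    n, e = (int.from_bytes(unb64u(jwk[f]), "big") for f in ("n", "e"))
    s = int.from_bytes(unb64u(sig), "big")
    if s >= n or pow(s, e, n) != encoded_message(f"{head}.{body}".encode(), len(to_bytes(n))):
        return "kid matches, but signature does not verify with the published key"
    return "ok"

# Constructed toy keys built from Mersenne primes: illustration only, never real keys.
E = 65537
def toy_key(p_exp, q_exp):
    p, q = 2**p_exp - 1, 2**q_exp - 1
    return p * q, pow(E, -1, (p - 1) * (q - 1))
N1, D1 = toy_key(521, 607)    # private key whose public half is published below
N2, D2 = toy_key(521, 1279)   # a different private key, signing under the same kid
JWKS = {"keys": [{"kty": "RSA", "kid": "test-1", "n": b64u(to_bytes(N1)), "e": b64u(to_bytes(E))}]}
GOOD = sign_rs512({"iss": "constructed-client"}, "test-1", N1, D1)
BAD = sign_rs512({"iss": "constructed-client"}, "test-1", N2, D2)
```

`diagnose(GOOD, JWKS)` returns `"ok"`, while `diagnose(BAD, JWKS)` reproduces the case from the thread: the kid is found in the JWKS, but the published public key is not the partner of the private key that signed the token.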