We had the following question raised via email:

I’m trying to connect to https://int.api.service.nhs.uk/oauth2/token to get an authorisation token to then connect to the PDS API.
Token for use in Personal Demographics Service - FHIR API
Using the integration environment
Full request:
Full response:
"error": "public_key error",
"error_description": "JWT signature verification failed",
"message_id": "rrt-2988346794993847258-b-geu2-24713-96323-1"

I have been able to verify my signature on jwt.io website with the public key I uploaded and you host for me.
Can you explain why my signature can't be verified on your end?
Thanks in advance.

Our support team has advised:
You need to check your private/public keys match and are valid.
It tends to be that their JWKS URL is a valid JWKS URL and has a kid that matches, but the public/private keys don't match.
They should check their setup. Are they using the right private key that matches the ones on their URL?

Hi Haroon, I had similar problems, but understandably it's hard to debug these on both sides when things go wrong.
Some things to check:
Are you signing with the right algorithm? sha512, not sha256
Is your signature a string "encodedHeader.encodedPayload", not encodedHeader.encodedPayload?
Can you verify on jwt.io using only your public key?
Best of luck, I got it working recently after some trial and error my side.
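The checks the support team and James list (the private key is the other half of the public key published at the JWKS URL, the header kid matches, the algorithm is RS512 i.e. SHA-512 and not SHA-256, and the signature covers the literal string "encodedHeader.encodedPayload") can all be run locally before calling the token endpoint. The following Go program is an added example written for this thread; it is not code from the original posts or from NHS Digital. It uses a throwaway RSA key pair in place of the developer's real keys, and the claim names and values (iss, sub, aud, jti, exp) are constructed for the demo rather than taken from the thread.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	_ "crypto/sha256" // registers SHA-256 so crypto.SHA256.New() works (only used to show the mistake)
	"crypto/sha512"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// JWTs use base64url without padding for every segment.
var b64 = base64.RawURLEncoding

// Sign builds a compact JWT whose header always announces RS512, and signs
// the literal string "encodedHeader.encodedPayload" with RSASSA-PKCS1-v1_5
// over the given digest. Passing crypto.SHA512 is correct; passing
// crypto.SHA256 reproduces the "sha256 instead of sha512" mistake from the thread.
func Sign(priv *rsa.PrivateKey, kid string, claims map[string]any, digest crypto.Hash) (string, error) {
	hb, err := json.Marshal(map[string]string{"alg": "RS512", "typ": "JWT", "kid": kid})
	if err != nil {
		return "", err
	}
	pb, err := json.Marshal(claims)
	if err != nil {
		return "", err
	}
	signingInput := b64.EncodeToString(hb) + "." + b64.EncodeToString(pb)
	h := digest.New()
	h.Write([]byte(signingInput))
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, digest, h.Sum(nil))
	if err != nil {
		return "", err
	}
	return signingInput + "." + b64.EncodeToString(sig), nil
}

// VerifyRS512 mirrors what the token endpoint does: parse the header, require
// alg RS512 and the kid you published, then check the signature over
// "encodedHeader.encodedPayload" with the public key found under that kid.
func VerifyRS512(token, expectedKid string, pub *rsa.PublicKey) error {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return errors.New("compact JWT must have exactly three segments")
	}
	hb, err := b64.DecodeString(parts[0])
	if err != nil {
		return fmt.Errorf("header is not base64url: %w", err)
	}
	var header struct {
		Alg string `json:"alg"`
		Kid string `json:"kid"`
	}
	if err := json.Unmarshal(hb, &header); err != nil {
		return fmt.Errorf("header is not JSON: %w", err)
	}
	if header.Alg != "RS512" {
		return fmt.Errorf("unsupported alg %q", header.Alg)
	}
	if header.Kid != expectedKid {
		return fmt.Errorf("kid %q does not match JWKS kid %q", header.Kid, expectedKid)
	}
	sig, err := b64.DecodeString(parts[2])
	if err != nil {
		return fmt.Errorf("signature is not base64url: %w", err)
	}
	sum := sha512.Sum512([]byte(parts[0] + "." + parts[1]))
	if err := rsa.VerifyPKCS1v15(pub, crypto.SHA512, sum[:], sig); err != nil {
		return errors.New("JWT signature verification failed")
	}
	return nil
}

// KeysMatch is the support team's check done locally: is this private key the
// other half of the public key you published in your JWKS?
func KeysMatch(priv *rsa.PrivateKey, published *rsa.PublicKey) bool {
	return priv.PublicKey.Equal(published)
}

func main() {
	// Throwaway keys stand in for the developer's real pair and for a stale one.
	priv, _ := rsa.GenerateKey(rand.Reader, 2048)
	stale, _ := rsa.GenerateKey(rand.Reader, 2048)
	// Constructed demo claims in the usual client-assertion shape; not from the thread.
	claims := map[string]any{
		"iss": "YOUR_API_KEY", "sub": "YOUR_API_KEY",
		"aud": "https://int.api.service.nhs.uk/oauth2/token",
		"jti": "constructed-unique-id", "exp": 4102444800,
	}
	tok, _ := Sign(priv, "demo-kid", claims, crypto.SHA512)
	fmt.Println("matching key:", VerifyRS512(tok, "demo-kid", &priv.PublicKey))
	fmt.Println("stale JWKS key:", VerifyRS512(tok, "demo-kid", &stale.PublicKey))
	fmt.Println("private key matches published key:", KeysMatch(priv, &stale.PublicKey))
	bad, _ := Sign(priv, "demo-kid", claims, crypto.SHA256)
	fmt.Println("SHA-256 digest under RS512 header:", VerifyRS512(bad, "demo-kid", &priv.PublicKey))
}
```

Running it shows the three failure modes from the thread side by side: a token signed with a key whose public half is not the one published fails with the same "JWT signature verification failed" wording as the API response, a kid that does not match the JWKS entry is rejected before the signature is even checked, and a token digested with SHA-256 under an RS512 header fails even though the key pair is correct. Loading your real PEM keys with `x509.ParsePKCS8PrivateKey` and the JWK's modulus and exponent in place of the throwaway pair turns this into a pre-flight check for the integration environment.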

Thanks for taking the time to provide your insight James, that's very helpful!