PDS FHIR API - Public Key Misconfigured

Hi all,

We’re trying to integrate the PDS FHIR API into our application. It works great for the Integration test endpoint, but we’re having some difficulties when deploying to prod.

Specifically, we get the following:

          "error": "public_key error",
          "error_description": "The JWKS endpoint, for your client_assertion can't be reached",
          "message_id": "rrt-4745027357182055535-b-geu2-20324-110203-1"

According to the developer hub, our JWKS end-point (Self-hosted) is configured fine. It says “Your public key is valid”

However, the info here clearly states the error is related to a poorly configured public key.

Can you offer suggestions on where to go from here?

I’ve checked our JWKS end-point against the JWK standard and it looks fine.
I’ve also checked it against our public/private keypair and it looks fine.

I would be very grateful for direction from here.

Thank you

**Removed images, as new users can ony embed one image, apparently ***

Just a nudge.
Still haven’t overcome this, and hoped someone might be able to offer some direction.
Thank you

Hi Leigh,
Sorry for the delay you’ve experienced.
Please could you send me the follow information.

  • Product Application Name
  • Application ID
  • Integration Test environment name
    I’ll pass this on and we’ll analyse our logs to see if we can help you further.

Many thanks for your patience,


Hi Richard,
Thank you, details as follows:

Production Environment
Application name is EARL-production
Application ID is e1017690-60b9-45f7-9cda-21ae12ce40e0

Integration Test Environment
Application name EARL-integration-test

We’ve ran some searches a few minutes ago in the test (successfully) and prod (still get same errors), so there should be some things in the logs for you to review.

Thank you

thanks for that Leigh, I’ll get this info passed on. Many thanks

Hi Leigh, we’ve checked your app config. It looks lik there is no api and no jwks in the custom attributes. The team looking into this have suggested setting up a meeting to trace the issue. Please could you let me have an email address to send the meeting request to and some times that are convenient over the next week to set the session to? Many thanks

Thanks Richard.
I’ve DM’d you.

Hi Leigh, have sent you an invite for Tuesday afternoon for a meeting for diagnosis/trace.

Many thanks

Thought it worth following up here, for anyone that subsequently finds their way to this post searching for the answer.

@richard.seacome1 facilitated a short meeting with a couple of helpful NHS developers, who were quickly able to identify that, although my JWKS endpoint was correctly configured in my NHS Developer portal, it had not propogated to a back end system correctly.

They updated the endpoint in their back end systems, and it worked immediately. Several months of troubleshooting… Still. All done now I guess!

Thank you @richard.seacome1 !

1 Like