I have a Provider-based confidential app using the Smart workflow. I have a system account set up with a secret and a jwks url.
When I get to the point where I call the token endpoint, I've got it to work using the secret by creating a Basic authorization header (client_id:client_secret base64 encoded) with the following parameters:
grant_type : authorization_code
redirect_url : [my url]
code : [code from auth call]
state : [my state]
Now, when I try to use the jwks url instead of the secret, I can't get it to work. From what I can tell from the documentation, I do the exact same as above but set the authorization header to Bearer and create a jwt token based on a key in the jwks url and some other information for sub, issuer, aud, etc...
When I try it I get an error saying the authorization header is invalid.
correlation id: f7007d3d-8049-4264-b5a6-0e591e8c554c
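
For comparison, an added example (not part of the original post and not any vendor's code) of the two token-request shapes: the Basic header form described above, and the asymmetric form as the SMART App Launch specification defines it, where the signed JWT is sent in the form body as `client_assertion` and no Authorization header is used. The client id, key id, URLs and key pair are constructed placeholders, and whether this particular authorization server accepts the assertion form for the authorization_code grant is an assumption.

```javascript
// Added example. All ids, URLs and keys are constructed placeholders.
const crypto = require('node:crypto');

const b64url = (x) => Buffer.from(x).toString('base64url');
const FORM = { 'Content-Type': 'application/x-www-form-urlencoded' };

// Form 1: client secret in an HTTP Basic header (the request the post reports as working).
function basicAuthRequest(clientId, clientSecret, code, redirectUri) {
  const basic = Buffer.from(`${clientId}:${clientSecret}`).toString('base64');
  const body = new URLSearchParams({ grant_type: 'authorization_code', code, redirect_uri: redirectUri });
  return { headers: { ...FORM, Authorization: `Basic ${basic}` }, body: body.toString() };
}

// Form 2: build the JWT the client signs with the private half of a key
// whose public half is published at its JWKS URL (ES384 here).
function buildClientAssertion(clientId, tokenUrl, privateKey, kid) {
  const now = Math.floor(Date.now() / 1000);
  const header = { alg: 'ES384', typ: 'JWT', kid };
  // iss and sub are both the client_id, aud is the token endpoint URL,
  // exp is at most five minutes ahead, jti is unique per request.
  const claims = { iss: clientId, sub: clientId, aud: tokenUrl, jti: crypto.randomUUID(), exp: now + 300 };
  const input = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(claims))}`;
  // JWS needs the raw r||s signature form, not DER.
  const sig = crypto.sign('sha384', Buffer.from(input), { key: privateKey, dsaEncoding: 'ieee-p1363' });
  return `${input}.${sig.toString('base64url')}`;
}

// The assertion goes in the body; there is no Authorization header at all.
function assertionRequest(clientId, tokenUrl, privateKey, kid, code, redirectUri) {
  const body = new URLSearchParams({
    grant_type: 'authorization_code', code, redirect_uri: redirectUri,
    client_assertion_type: 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer',
    client_assertion: buildClientAssertion(clientId, tokenUrl, privateKey, kid),
  });
  return { headers: { ...FORM }, body: body.toString() };
}

// What the server does with it: check the signature against the published public key.
function verifyAssertion(jwt, publicKey) {
  const [h, c, s] = jwt.split('.');
  const key = { key: publicKey, dsaEncoding: 'ieee-p1363' };
  return crypto.verify('sha384', Buffer.from(`${h}.${c}`), key, Buffer.from(s, 'base64url'));
}

// Constructed demo: throwaway P-384 key pair, placeholder client and endpoint.
const demoKeys = crypto.generateKeyPairSync('ec', { namedCurve: 'secp384r1' });
const demoJwt = buildClientAssertion('demo-client', 'https://auth.example.test/token', demoKeys.privateKey, 'demo-key-1');
console.log('assertion verifies:', verifyAssertion(demoJwt, demoKeys.publicKey));
```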