Getting 401 "Invalid JWT"

laxminar...@gmail.com

Jan 30, 2020, 4:04:29 PM
to Data at the Point of Care Community
Hi, 
I am getting 401 "Invalid JWT" when I try to get an access token from Postman. I troubleshot based on the other thread, but I am still getting the same response. I am not sure what I am missing. Can you please help? Thanks

postman.PNG


laxminar...@gmail.com

Jan 31, 2020, 8:11:49 AM
to Data at the Point of Care Community
Can anyone please help on this?

Megan McFeely

Jan 31, 2020, 10:00:29 AM
to Data at the Point of Care Community

Hello!

Thanks for reaching out! One of our engineers is looking into this issue; we'll have an update for you soon.

Best,
Megan McFeely
DPC Community Manager

laxminar...@gmail.com

Jan 31, 2020, 11:25:46 AM
to Data at the Point of Care Community
Thank you for the response. Please let me know if you need any information on this.

laxminar...@gmail.com

Feb 5, 2020, 10:10:57 AM
to Data at the Point of Care Community
Hi, 

Please let me know if any help on this

Thanks
Laxmi

Megan McFeely

Feb 5, 2020, 6:03:21 PM
to Data at the Point of Care Community
Hi Laxmi,

Apologies for the delay - I conflated your issue with another invalid JWT token question posted at a similar time. We have an engineer looking at it now, I'll have an answer for you as soon as possible.

Megan McFeely

Feb 5, 2020, 6:37:07 PM
to Data at the Point of Care Community
Hi Laxmi,

It looks like you don't have a valid signature on your access token. You can confirm this at jwt.io.

More information about creating a JWT access token is available in the DPC Implementation Guide - I included some of the relevant documentation below.

Creating a JSON Web Token (JWT)

JWT.io provides comprehensive information about what JSON Web Tokens are and how to use them. For testing purposes, the site offers a debugger that allows you to enter a header, payload, and keys to generate a signed JWT.

Online tools for creating JWTs should not be considered secure and should not be used to create tokens to access production data. Instead, use one of the libraries listed on JWT.io to generate JWTs in your DPC API client.

JWT for testing in the sandbox

For the DPC sandbox environment, which contains no PII or PHI, a JWT can be created with the JWT.io debugger. More details on each field can be found under Authentication JWT Header Values and Authentication JWT Claims.

  1. From the Algorithm dropdown, select RS384.
  2. On the "Decoded" side, the "Header: Algorithm & Token Type" text area must contain a JSON object with the fields below. alg and typ will already be set, so you will need to add kid.
    1. "alg": "RS384" (set for you after you select the algorithm)
    2. "kid": "{ID of public key}"
    3. "typ": "JWT" (set by default)
  3. The "Payload: Data" text area must contain a JSON object with the fields below. It will already contain sub, name, admin, and iat. The value of sub will change, and name, admin, and iat should be removed.
    1. "iss": "{client token}"
    2. "sub": "{client token}"
    3. "aud": "https://sandbox.dpc.cms.gov/api/v1/Token/auth"
    4. "exp": "{expiration time}"
    5. "jti": "{nonce}"
  4. Under "Verify Signature", the first text area should contain your public key, and the second, your private key. This keypair should be for testing in the sandbox, not one that is used to access any production data.

Example of using JWT.io's debugger



Thanks!

laxminar...@gmail.com

Feb 6, 2020, 8:08:07 AM
to Data at the Point of Care Community
Hi Megan, I followed all the steps for a valid JWT. The signature was verified. I validated the JWT and got a 200 response. Then I used the same JWT to get an access token. I was getting the "Invalid JWT" response all the time.

{
    "code": 401,
    "message": "Invalid JWT"
}

Thanks 
Laxmi

laxminar...@gmail.com

Feb 10, 2020, 1:31:08 PM
to Data at the Point of Care Community
Hi. Any help please. Thanks Laxmi

hebr...@gmail.com

Feb 11, 2020, 10:14:17 AM
to Data at the Point of Care Community
Hey Laxmi,

I didn't see anyone mention yet, can you confirm your RSA key has a key length of at least 4096 bits? 

Additionally, make sure the aud claim is set to the production endpoint (https://dpc.cms.gov) even when making the call to the sandbox (https://sandbox.dpc.cms.gov).

Best Regards,
Bryan

laxminar...@gmail.com

Feb 11, 2020, 10:23:49 AM
to Data at the Point of Care Community
Hi,
Yes, the RSA key has a key length of 4096 bits, and the aud claim endpoint is pointing to the prod URL.

Thanks
Laxmi

Calvin Plum

Feb 11, 2020, 1:31:52 PM
to Data at the Point of Care Community
I am able to generate one without issues. What you seem to be doing is in line with what I am doing, I think!

laxminar...@gmail.com

Feb 20, 2020, 1:22:50 PM
to Data at the Point of Care Community
Hi, 
Not sure what is missing. When I do "/v1/Token/validate" for the JWT and use the same one for "/v1/Token/auth", I am getting the response "401 Invalid JWT". I am keeping the "exp" time window at 5 min. I am not able to move forward from this point. Please help on this.

Thanks
Laxmi

Emily Hart

Feb 21, 2020, 2:24:51 PM
to Data at the Point of Care Community
Hi Laxmi,

Could you try creating and uploading a new public key, then a new JWT?

Thanks!
Emily Hart
DPC Engineer

quyon...@gmail.com

Mar 18, 2020, 2:10:36 PM
to Data at the Point of Care Community
This may help, since I had a similar issue.

1) The root cause was that I didn't create the JWT with the private key that matches the public key we uploaded to DPC.

2) The validate API doesn't really validate against any key. So even if you passed the validation test, it doesn't mean your JWT is VALID!

Yong