I'm running Visual Studio and I'm trying to do JWT-based client registration. I'm relatively new to using JWTs. I'm stuck and I'm hoping someone can offer me some help. I'm getting a "Client registration metadata malformed or invalid" error.
Given the .p12 and .crt files from the EMR, I was able to create an RS256 key using OpenSSL.
    // JOSE header. "alg" is commented out here, so the header carries only x5c and typ.
    var headerDictionary = new Dictionary<string, object>()
    {
        // {"alg", "RS256"},
        // x5c: RFC 7515 §4.1.6 defines each entry as the base64-encoded DER certificate,
        // not the PEM text with its BEGIN/END lines.
        {"x5c", new string[]{"-----BEGIN CERTIFICATE-----...-----END CERTIFICATE-----"}},
        {"typ", "JWT"}
    };

    // The claims are sometimes referred to as the payload.
    var claimDictionary = new Dictionary<string, object>
    {
        {"exp", DateTimeOffset.Now.ToUnixTimeSeconds() + 240}, // expires four minutes after issue
        {"iat", DateTimeOffset.Now.ToUnixTimeSeconds()},
        {"jti", "QVHSInfinedi123"},
        {"client_name", "qvh"},
        // RFC 7591 defines grant_types and response_types as JSON arrays of strings.
        {"grant_types", "authorization_code"},
        {"response_types", "code"}, // not sure about response_types
        {"token_endpoint_auth_method", "private_key_jwt"},
        {"scope", "test"}
    };

    // rsaPrivateKey is the RS256 key created from the EMR .p12/.crt with OpenSSL.
    JWTService.Managers.JWTService jwtService = new JWTService.Managers.JWTService();
    var myJwt = jwtService.GenerateJWTToken(rsaPrivateKey, headerDictionary, claimDictionary);
The signature is verified.
Using the UDAPTestTool I selected Grant Type: client_credentials with Client IP address 199.277.9.180 and started test 3, Trusted dyn client registration. I'm getting an "unparseable x.509 certificate in x5c chain" error.
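Added example (Go, standard library only; this is not the asker's code and not from the UDAP test tool or the JWTService library). It builds a registration JWT with the same header and claim layout as the dictionaries above, then verifies it the way a registration endpoint does: it takes the leaf certificate out of x5c, parses it, and checks the RS256 signature against that key. The x5c value is produced as RFC 7515 §4.1.6 specifies, standard base64 of the DER certificate bytes with no PEM armor, and the verifier also shows what happens when the PEM text is put there instead. The self-signed certificate, the jti value and the client_name "qvh" are constructed test material, not an EMR-issued certificate, and the function names are assumptions of this example.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"encoding/json"
	"encoding/pem"
	"errors"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// X5cFromPEM turns a PEM-armored certificate into an "x5c" entry as RFC 7515 §4.1.6 defines it:
// standard (padded, non-URL) base64 of the raw DER bytes, with no BEGIN/END lines and no newlines.
func X5cFromPEM(certPEM []byte) (string, error) {
	block, _ := pem.Decode(certPEM)
	if block == nil || block.Type != "CERTIFICATE" {
		return "", errors.New("no CERTIFICATE block in PEM input")
	}
	return base64.StdEncoding.EncodeToString(block.Bytes), nil
}

// BuildRegistrationJWT RS256-signs a claim set shaped like the question's dictionary. The x5c
// value is used verbatim so a caller can see what a malformed one does; jti is an assumed unique id.
func BuildRegistrationJWT(key *rsa.PrivateKey, x5c, jti string, now time.Time) (string, error) {
	header := map[string]interface{}{"alg": "RS256", "typ": "JWT", "x5c": []string{x5c}} // alg is mandatory in JWS
	claims := map[string]interface{}{
		"iat": now.Unix(), "exp": now.Add(4 * time.Minute).Unix(), "jti": jti,
		"client_name": "qvh", "scope": "test", "token_endpoint_auth_method": "private_key_jwt",
		"grant_types": []string{"authorization_code"}, "response_types": []string{"code"}, // RFC 7591: JSON arrays
	}
	enc := base64.RawURLEncoding // the three JWS parts are unpadded base64url, unlike x5c
	part := func(v interface{}) string { b, _ := json.Marshal(v); return enc.EncodeToString(b) }
	signingInput := part(header) + "." + part(claims)
	digest := sha256.Sum256([]byte(signingInput))
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:]) // RS256 = PKCS#1 v1.5 over SHA-256
	if err != nil {
		return "", err
	}
	return signingInput + "." + enc.EncodeToString(sig), nil
}

// VerifyWithX5c does what a registration endpoint does with a self-asserted x5c: decode the leaf out of
// the header and check the signature with its key. It returns the leaf so the caller can validate the chain.
func VerifyWithX5c(token string) (*x509.Certificate, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, errors.New("not a compact JWS")
	}
	hb, errH := base64.RawURLEncoding.DecodeString(parts[0])
	sig, errS := base64.RawURLEncoding.DecodeString(parts[2])
	if errH != nil || errS != nil {
		return nil, errors.New("header or signature is not base64url")
	}
	var header struct{ Alg string `json:"alg"`; X5c []string `json:"x5c"` }
	// Pin the algorithm: the token must never get to choose how it is verified.
	if json.Unmarshal(hb, &header) != nil || header.Alg != "RS256" || len(header.X5c) == 0 {
		return nil, errors.New("header is not RS256 with an x5c chain")
	}
	der, errD := base64.StdEncoding.DecodeString(header.X5c[0]) // standard base64 DER: PEM armor fails here
	cert, errC := x509.ParseCertificate(der)
	if errD != nil || errC != nil {
		return nil, errors.New("unparseable x.509 certificate in x5c chain")
	}
	pub, ok := cert.PublicKey.(*rsa.PublicKey)
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if !ok || rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) != nil {
		return nil, errors.New("signature does not verify under the x5c leaf's RSA key")
	}
	return cert, nil
}

// SelfSignedCert generates throwaway key material (constructed here, not an EMR-issued certificate) so
// the example runs offline. It returns the key plus the certificate as PEM, the form openssl hands you.
func SelfSignedCert() (*rsa.PrivateKey, []byte) {
	key, _ := rsa.GenerateKey(rand.Reader, 2048) // fixture only: GenerateKey fails only if the CSPRNG does
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "qvh"},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	return key, pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

func main() {
	key, certPEM := SelfSignedCert()
	x5c, _ := X5cFromPEM(certPEM)
	tok, _ := BuildRegistrationJWT(key, x5c, "QVHSInfinedi123", time.Now())
	_, err := VerifyWithX5c(tok)
	fmt.Println("signature verified against x5c leaf:", err == nil)
}
```

Running this prints `true`; calling BuildRegistrationJWT with the whole PEM text as the x5c value instead makes VerifyWithX5c stop at the "unparseable x.509 certificate in x5c chain" step, because '-' is not a base64 character. A real registration endpoint adds one step after this: validating the leaf's chain against its trust anchor (x509.Certificate.Verify with the issuing CA in a CertPool), which is what the test tool's "trusted" registration refers to.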