I am trying to test Patient Export,by adding system/Group.$export to the scope.
Step1: Using postman, Register client using api http://:30080/oauth2/default/registration
I generated one jwks keyset is using the tool, https://mkjwk.org/; by giving following details
RSA- Key Use: Signature, Algorithm: RS384, Key-Id: SHA-256
Registration was successful using the generated key set.
Scope in the payload was specified as “scope”: “system/Group.$export”,
Step2:
In OpenEmr application, Enabled the registered Api client select.[Administration-Api Clients]
Step3
I tried to get the authorization token,by creating a JWT token, out of my jwks key set.
I used online tool, https://jwt.io/
In the tool, I used details as:
- Algorithm as RS384
Payload details given in generating jwt is below:
“sub”: generated client Id from the response of registration api in STEP1
“name”: client_name given in the registration api - Public key & Private key- Same public key and private key extracted from jwks key set.
Step 4: Invoked api http://:30080/oauth2/default/token from Postman
by passing parameter values as below
grant_type = client_credentials
client_assertion_type = urn:ietf:params:oauth:client-assertion-type:jwt-bearer
client_assertion = generated JWT token in STEP3
scope = system/Group.$export
udap = 1
And the response I am getting is “Bad Request”
{
“error”: “invalid_client”,
“error_description”: “Client authentication failed”,
“message”: “Client authentication failed”
}
I also tried with RS256 and HS256 algorithm types while generating JWKS and JWT
Could someone please provide an example or steps on getting a successful token?