Unexpected value for parameter "jwks": expecting "array", got "string"

rfrazier22 · January 6, 2026, 8:01pm

I have a server (Mowoli MWL) that is SSL. I would like to authorize it to get fields from my OpenEMR server. My OpenEMR is also SSL and I’ve set the “Site Address Override (if needed for OAuth2, FHIR, CCDA, or Payment Processing)” to https://emr-wave-diagnostics.com. Check. But when I go to set up an App to allow access for my Mowoli server, I always get “Unexpected value for parameter “jwks”: expecting “array”, got “string”.” if I leave the “JSON Web Key Set (Note a hosted web URI is preferred and this feature may be removed in future SMART versions):” box blank.
This happens even if i popluate the “JSON Web Key Set URI:” field with the proper URL for the jwks. Even if i try to register an app with “App Redirect URI:” and “App Launch URI:” populated correctly, i still get that error. The only way I’ve gotten around it is by putting {} into the “JSON Web Key Set” box. But i think this is messing up my token. I continuously get invalid client, etc.. Does anyone know what I’m doing wrong?

luisuriarte · January 6, 2026, 8:14pm

I use https://mkjwk.org
• Key Size: 2048
• Key Use: Signature
• Algorithm: RS384:RSA
• Key ID: SHA-256
• Show X.509: Yes
Choose Public and Private Keypair Set, and add that content to the jwks.json file.

Example:

[code]

{“keys”: [{“kty”: “RSA”,“alg”: “RS256”,“use”: “sig”,“kid”: "search_key6,“n”: “qF6upPooOTquBZfqfX0cmL0MYA5ksvzkOV_QplVZaC6ubRMLcwnMxhEtYTQxNulYI4RH3qjffKMxD2EMKlv0mFWvQu6hbRLKwPzHuAbKaCQhazwUF6w2DLHRS7DcoEaqop6ZPd-6-5ekcfZIqiP4cnXScijz0lR91-KUG428R8pnNpoEhlertEnPyF8a3gGUpDpE2lXkYfPF3pa2y7HeBwC5zxOaPbbgFGqfvNedJLEzsLHlx8ksEx3o7dThGvepoS_TvWOmpM1vnMeasdhljhsjhsfdjhjkhjfkhdsfhjklhsdfjkhklyqpMuEIq0e7Aw”,“e”: “AQAB”}]}
[/code]

In Openemr:

rfrazier22 · January 6, 2026, 9:57pm

Sweet so far… hey where did you get your Redirect URI (api.php) and your Launch URI (index.php)? I may have that set up wrong also…

luisuriarte · January 6, 2026, 10:23pm

https://openemr-domain/api/api.php

https://openemr-domain/api/index.php

https://openemr-client/api/jwks.json

It is important to note that both the client and the server hosting OpenEMR must be secure (https).

Here’s an example. Sorry, it’s in Spanish.

sjpadgett · January 6, 2026, 10:45pm

This may be helpful. It a client I developed to felp folks with auth.

sjpadgett · January 6, 2026, 10:47pm

If you decide it is helpful I can supply you with the newest version have several new features. This is what I used to test FHIR API.

rfrazier22 · January 7, 2026, 2:25am

I see you put the JSON Web Key Set URI url box. It’s good… But the JSON Web Key Set box… how did you leave it empty? i keep getting the same error as before… did you create this in the app creator or using command line?

sjpadgett · January 7, 2026, 3:01am

Here is newest version. read documents and be sure to set up config.

modules.zip (33.1 KB)

rfrazier22 · January 9, 2026, 4:08am

Starting client registrations…
→ [JWT] Deleting any existing client named “mowoli8 JWT Client Credentials”
→ [JWT] Registering client…
[JWT] Registration ERROR: HTTP 400 response: {“error”:“invalid_scope”,“error_description”:“The requested scope is invalid, unknown, or malformed”,“hint”:“Check the `system\/Patient.rs` scope”,“message”:“The requested scope is invalid, unknown, or malformed”}

rfrazier22 · January 9, 2026, 4:08am

I’d be glad to have a session with you on this… ugh!

rfrazier22 · January 9, 2026, 10:21pm

Im stuck on this… i can do the Confidential, but JWT fails every time…

rfrazier22 · January 9, 2026, 10:23pm

How did you get your JSON Web Key Set to allow blank box? I see you have something in there that looks like ‘‘ or “ … how did you do that?

luisuriarte · January 9, 2026, 11:14pm

That password is probably incorrect because GitGuardian flagged it, so I’ll probably change it to any character.

I used the key generator: https://mkjwk.org/
• Key Size: 2048
• Key Use: Signature
• Algorithm: RS384:RSA
• Key ID: SHA-256
• Show X.509: Yes
Choose Public and Private Keypair Set, and add that content to the jwks.json file.

rfrazier22 · January 10, 2026, 2:13am

What I’m saying the the JSON Web Key Set box… I CANNOT leave it blank… i get the error Unexpected value for parameter “jwks”: expecting “array”, got “string” when i do…

rfrazier22 · January 10, 2026, 2:17am

Also… what scopes can i use? is that causing any errors… Also. I dont want to have to have someone log in to this. I have another DICOM MWL server that I want to connect and pull Procedure data from OpenEMR.. what am I doing wrong?

sjpadgett · January 10, 2026, 4:38pm

What version openemr are you using?

rfrazier22 · January 10, 2026, 6:10pm

7.0.4 i is the version that I’m using… No matter what, the system wont allow me to keep that box empty in the UI… Another question… From what I’m describing… Mowoli MWL. It’s a DICOM server that my US machine will talk to… should the Mowoli server be able to pull that Procedure data from OpenEMR? Or do i have to use Mirth?

sjpadgett · January 10, 2026, 6:41pm

You can pull the procedure data with FHIR or our standard API(no 100% sure here).

Forgive me but I don’t understand “box empty” what box?

Fix your scope. I find JWK Client grant is the way to go. Once JWK is fixed and using test app you can test the procedure profile or endpoint.

My app uses openemr OpenEMR\Auth\JwkService