Implementing Epic on FHIR using PHP-JWT

Question

I'm trying to get a jwt token but everything I try gives me an error every time. Here are the things I've tried. I do get the jwt-token without the package, but when I check the signature verification using jwt.io it fails every time. While using this package I faced different errors like Private key cannot be enforced and sometimes The algorithm is invalid. Please correct me where I messed up.

• No php-Jwt

$header = [
            'alg' => "RS384",
            'typ' => "JWT"
        ];

        $payload = [
            'iss' => 'my-client-id',
            'sub' => 'my-client-id',
            'aud' => "https://fhir.epic.com/interconnect-fhir-oauth/oauth2/token",
            'jti' => (string)strtotime(gmdate("Y-m-d H:i:s")),
            'exp' => strtotime(gmdate("Y-m-d H:i:s")) 270,
        ];

       $privateKey = "my private Key"

        $headers_encoded = $this->base64url_encode(json_encode($header));
        $payload_encoded = $this->base64url_encode(json_encode($payload));

        

        $signature = hash_hmac('sha384', $headers_encoded.'.'.$payload_encoded, $privateKey, true);
        
        // Encode the signature as a base64url string
        $signature_encoded = $this->base64url_encode($signature);

        $jwt = $headers_encoded.'.'.$payload_encoded.'.'.$signature_encoded;

- using php-jwt

1. The package is installed Composer requires firebase/php-jwt --ignore-platform-req=ext-mongodb
2. Used the required files in my controller

use Firebase\JWT\JWT;
use Firebase\JWT\Key;

3. Try encoding:

$check = JWT::encode(
          $header,
          $payload,
          $privateKey,
          'RS384'
      );

I get different errors like Unable to enforce private key and sometimes Invalid algorithm. Please correct me where I messed up.

Simply put, this is what I am doing or trying to do.我的代码的通用形式：

<?php

// Load the private key from a file
$privateKey = file_get_contents('private.key');

// Set the header and payload for the JWT
$header = [
    'alg' => 'RS384',
    'typ' => 'JWT'
];

$payload = [
    'sub' => '1234567890',
    'name' => 'John Doe',
    'iat' => 1516239022
];

// Encode the header and payload as JSON strings
$headerEncoded = base64_encode(json_encode($header));
$payloadEncoded = base64_encode(json_encode($payload));

// Concatenate the header, payload, and secret to create the signature
$signature = hash_hmac('sha384', "$headerEncoded.$payloadEncoded", $privateKey, true);

// Encode the signature as a base64 string
$signatureEncoded = base64_encode($signature);

// Concatenate the header, payload, and signature to create the JWT
$jwt = "$headerEncoded.$payloadEncoded.$signatureEncoded";

echo $jwt;

我确实得到了 jwt 签名，但在 https://jwt.io/ 上它显示未经验证。

Answer 1

It has been fixed

• Use this instead hash_mac():

openssl_sign($data, $signature, $privateKey, OPENSSL_ALGO_SHA384);

• Make sure if the key is stored in a PHP variable, set the key in the following format:

$privateKey =  "------BEGIN PRIVATE KEY------\n".
"MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQC7VJTUt9Us8cKj\n".
"MzEfYyjiWA4R4/M2bS1GB4t7NXp98C3SC6dVMvDuictGeurT8jNbvJZHtCSuYEvu\n".
.
.
.
"TQrKhArgLXX4v3CddjfTRJkFWDbE/CkvKZNOrcf1nhaGCPspRJj2KUkj1Fhl9Cnc\n".
"dn/RsYEONbwQSjIfMPkvxF+8HQ==\n".
"------END PRIVATE KEY------";

Enclose each line in double quotes "", and add \n at the end of each line.