Koppeltaal-2.0-Dev-Guide
  • Developer Guide
  • POC (Walking Skeleton)
    • Proof Of Concept
      • Koppeltaal Server
      • Domain Management
      • Auth Server
      • Koppeltaal IdP
      • Domain Access Test Suite
      • Koppeltaal Test Tooling
  • Domain access
    • Joining a domain
    • Role-based access control
      • Autorisation model
      • Creating a role
      • Search Narrowing
      • Revoke Permission
  • Technical HOW-TO
    • Koppeltaal Test Tooling
    • Request Koppeltaal server metadata
    • Connecting to Koppeltaal
      • Requirements
        • Create a key pair
        • Signing the JWT
        • JWKS setup
      • Access to Koppeltaal
    • Managing resources
      • Versioning
      • CRUD Operations
        • Retrieve all Resources
        • Retrieve specific Resource
        • Create a Resource
        • Update a Resource
        • Delete a Resource
      • Subscribing to changes
    • Launching
      • HTI Flow
      • SHOF Flow
      • Compose a launch
      • Initiating a launch
      • Receiving a HTI launch
        • Token introspection
      • Receiving a SHOF launch
    • Detailed technical guidance
  • Hackathon Use Cases
    • Requirements
      • Install and configure Yivi
    • Use-Cases
      • Use-Case 1: Create a Task
        • Create an ActivityDefinition
      • Use-Case 2: HTI Launch
      • Use-case 3: SHOF Launch
      • Use-case 4: Subscribing to changes
  • Useful Links
    • Simplifier Profiles
    • FHIR Docs
    • HTI documentation
    • GitHub
    • Koppeltaal 2.0 Specifications & Architecture
    • Koppeltaal 2.0 Implementation Guide
    • Koppeltaal 2.0 OpenAPI Specs
Powered by GitBook
On this page
  • What is a JWT?
  • Signing
  • Topics
  1. Technical HOW-TO
  2. Connecting to Koppeltaal
  3. Requirements

Signing the JWT

Koppeltaal uses JWTs in several places. For the dev guide, two places are good to know about:

  1. For retrieving an access token that provides access to the Koppeltaal server.

  2. For performing a Koppeltaal launch using HTI or SMART HTI.

What is a JWT?

JWT stands for JSON Web Token. A practical explanation of how a JWT works can be found here. An important piece is:

In its compact form, JSON Web Tokens consist of three parts separated by dots (.), which are:

  • Header

  • Payload

  • Signature

Therefore, a JWT typically looks like the following.

xxxxx.yyyyy.zzzzz

Signing

The signing of the JWT takes place in the third part of the JWT: the signature (zzzzz in the example above). Koppeltaal uses asymmetric key pairs to sign the JWTs. The signature part is encrypted using the private key of the asymmetric key pair. The public-key part is published at the JWKS endpoint. This proves that a JWT is signed by a party in possession of the private-key. Signing the JWT is most easily performed using a JWT library for the relevant programming language.

The JWT debugger is a great place to see, at runtime, what the contents of the JWT are and what the token looks like. Note that we work with key pairs and not shared secrets. So make sure to select algorithms that work with key pairs like RS and ES.

RSA is more complicated to implement than, say, HMAC algorithms. However, it is a lot more secure. For example, there is no shared secret. Also, using JWKS, it is possible to quickly rotate keys.

Topics

TOP-KT-005c - Applicatie toegang: SMART on FHIR backend services

PreviousCreate a key pairNextJWKS setup

Last updated 1 year ago