Server Error 401: Unable to generate Access Token

[mail2chromium]

Dear team,

I am currently working on an Android Project to get Patient details based on its Patient-ID. To get an access token for the user-restricted API, I am using your provided Java Tutorial based on the following GitHub repository;

I have carefully followed all of these steps;

1. Create a JWKS endpoint to publicly host your public key and note the URL.
2. Navigate to my developer account and sign in.
3. Select 'My applications' and 'Manage your applications'.
4. Select the application you want to add your JWKS endpoint to.
5. Enter the URL of your JWKS endpoint and click Save.

Reference Links:

1. The Personal Demographics Service - FHIR API is a RESTful API and as such uses the Application-restricted RESTful APIs - signed JWT authentication access mode

2. Can I refer you to Step 3 on the page Application-restricted RESTful APIs - signed JWT authentication - NHS Digital.

I am somewhat able to get JWT based on all the required parameters such as

        String PRIVATE_KEY_PATH = ""; // Current Directory
        String TOKEN_URL = "https://sandbox.api.service.nhs.uk/oauth2/token";
        String CLIENT_ID = "APPLICATION_ID"; // From my NHS Developer account
        String KID = "test-2";
        String ENDPOINT = "https://sandbox.api.service.nhs.uk/hello-world/hello/application";

I am attaching the screenshot of my implementation and where I am getting this issue;

But I am now getting 401 server error from the NHS server side. I am using windows OS but as I am using Android Studio, so I am a bit confused that which of the following files can be used, as I am getting weird errors for different files;

I have given the following files one by one and getting strange errors; For jwtRS512.pub:

 unable to convert key pair: Attempt to invoke virtual method 'org.bouncycastle.asn1.pkcs.PrivateKeyInfo org.bouncycastle.openssl.PEMKeyPair.getPrivateKeyInfo()' on a null object reference

For jwtRS512.key.pub:

 -> org.bouncycastle.asn1.x509.SubjectPublicKeyInfo cannot be cast to org.bouncycastle.openssl.PEMKeyPair

For jwtRS512:

 {"fault":{"faultstring":"Failed to parse key: policy(VerifyJWT.ClientCredentials)","detail":{"errorcode":"steps.jwt.KeyParsingFailed"}}}

I have tried all the possible files which are being generated using your methodology. I am getting the above errors with the recommended files.

TOOLS:

1. Operating System Windows 10-11
2. Android Studio 2021.2.1 Patch 2 for Windows 64-bit
3. Android Application API Level - 9

I am very near to solving my issue, your quick assistance might save me days.

[artronics]

@mail2chromium we created a ticket to look into this issue.

[artronics]

@mail2chromium Sorry for the delay. Do you still have this issue? I need someone to replicate it on windows but meanwhile:

• You need to use your private key for signing JWT. i.e jwtRS512
• PRIVATE_KEY_PATH must be the absolute path to the file. Not the directory.
• Make sure your private key is not password protected.
• The private key should be in a text format. The first line should be: -----BEGIN RSA PRIVATE KEY-----. If it's not then it's a wrong format.
• I can confirm the key-pair tutorial works for Linux. If you want to try it on linux you can use WSL. I had issues with openssl on Windows before. WSL will allow you to run Linux on your Windows machine. You can also quickly follow our Linux tutorial by running Ubuntu docker:

  docker run -it --rm ubuntu

  After running above command you get access to a running ubuntu container.

  # You need to install openssl and openssh-client
  apt update && apt install openssl openssh-client -y

  Now you can follow the linux tutorial. You also need to attach a volume to your container so you can access the generated files from you windows machine.

[artronics]

@mail2chromium I tried to reproduce your JWT issue on a Windows 10 machine. Here is my finding. I encounter no issue when following the tutorial on a windows machine so, I tried different ways to see if I can reproduce your errors.

• It's likely that you created your private key with a passphrase. When I created a private key this way, I got threw exception; nested exception is java.lang.ClassCastException: class org.bouncycastle.openssl.PEMEncryptedKeyPair cannot be cast to class org.bouncycastle.openssl.PEMKeyPair You encounter this exception as well however, you got this exception when you passed your public key instead of private key. As I mentioned on my previous comment, you need to pass your private key.
• Judging by the error that you get when you pass your private key (that's it jwtRS512) I would say your private key is fine and the error is coming from server. This means there is probably a misconfiguration.

I can look at your config and code in a google meet call. Please let us know otherwise I'll close this issue within 10 days. Thanks.

[mail2chromium]

@artronics Thanks for your response.

Actually, I am developing an Android Application for smart glasses. So, my development is dependent on Java/kotlin for Android Studio and C#/C++ for Unity.

Can you please suggest to me something which is useful for Android Studio? If I generate the signing keys using the windows platform, how can I use them for Android studio?

If you are available for a google meet call, it would be really helpful. How can we proceed with the meeting this week?

Kind regards,

[artronics]

I'm not sure if you received my message from github provided email address. Here is a google doc containing my email address. Please send me an email if you are still intrested.

[JalfResi]

@mail2chromium - I'm going to close this issue. If you have any further questions please reach out to us directly via the channels included in our emails.