How to get JWK URL for epic fhir resources?

203 views Asked by At

Im using open epic documentation (https://fhir.epic.com/Documentation?docId=oauth2) I'm able to create application But in bottom it asked me upload public key and also add jwk url (which is not required) but for accessing the public key I feel i need to add this to for authenticating user.here is the image reference

I don't know from where will i get this JWK URL. In many documentation it was mentioned to hit

GET https://fhir.epic.com/interconnect-fhir-oauth/api/FHIR/R4/.well-known/smart-configuration HTTP/1.1
Accept: application/json

the above endpoint to get jwk url . But there is nothing related to it. or do i need to create an endpoint in my project and then pass it here. if yes, then what should that API looks like. I'm using djangorestframework. If anyone can help me with this that would be grate.

1

There are 1 answers

2
Ashavan On

That is a URL that you set up and host. This URL points to your JWKS that contains the public key(s) for your app. When you go through the authentication flow, you will sign the JWT with your private key. The Epic instance you are connecting to will lookup the correct public key from that specified URL and use the public key to validate the authenticity of the JWT. There's some info here that describes hosting the URL and the format of the key set.