The token end point is: https://fhir.careevolution.com/Master.Adapter1.WebClient/identityserver/connect/token
Client ID: JWTClientCredentials
Issuer: JWTClientCredentials
Audience: https://fhir.careevolution.com/Master.Adapter1.WebClient/identityserver/connect/token
Scope: system/*.read or system/*.*
Signing private key:
-----BEGIN RSA PRIVATE KEY----- MIIEpAIBAAKCAQEAwrF3meoSKUq1Qcxh7CZg20koes44qou146J2b9G2Mo0HtEnC kDI3w+BhDUzXK6cGVKAyjyqUCYv4JFkBxGj9w6Da6i37CTyz5Q6IZ49bNDfTp6bU xhYRaBZzaZLlepFAWMhgOA0PTu6G+m5XyrCBR2CqnRxMu43hnfIMc3xW6hjgaeJU bBCG/JrwztD3h82FLvlfR2k0ZW43PYoqT4qVSsF6T3tU3Im6ckCOTlNV9aWvEx2Y eBrgGx5Mr64fKCSUo3euAW4XxCR4pbtkt8vtOriGvDGkgMOdpT12ruygxQdlHlS/ jbqHhx435u24hOcmr38dzgXcN7Ib7rSKtQ2O4wIDAQABAoIBACke9pXpnGBgSRxW oLASAw8NyqD1gX5z97zWiZFgh8zxgJkRoyh1ktWqRJVcj23G301scIFQiufhSk3T Bs6HJmH1TYd8orL2wUA165WD7819pRSZ5gLYkmCbrVC1GAblOuQFnlz4VS1kr9mh CKXk1clPn3mDiqlqdCa6Aus5bdoPfHkxhyeJbBFo2HegFdsmcrrgZa1EldYYArTu DDU2N+zBpzVDpsoy3HPXp6Pjo1w3LSsQKF9Ny2XltnHdGGe/b+Pyh+3b9GhZ6Seb yxn5m0sBb4ncMFZDeYDj4hK2hFehghPazWT+NWsmukOIt6kfM0POxFPnOJXW9mez zyEezpECgYEA7/Lg2fLhkez5iak/q7DTgsY67VbipnhUwIk5eV0uYHJh/w6pg/uo ViRJ7HVF8ush77PPOv6gionIAzdsadsijG2KrNBIqxnlNutkRhTFrduiRFTN/uL8 4RkXOxqyzhUCltErT5B2/OGKW+T/rGYzkVt6I9RfIYc33wMCmGKJYJ8CgYEAz7eW nHJK9xR/AWsrn5jBdKSumoXFV1Fqh0uDAxNiI/9LBvruhK8jCPdL5rFNdyptFbMs H7aLHT1HHX9w5qpVctxnqXvwmXPxCM+XZKk5tm1jXwJgryas9abK7SbNRzMlqEnj /HoSVrnrM3HEHeof17Rf93KTheL5xWW3qhpU1z0CgYEA7XHGakb8SyBbK4vNkwQv ukiZxYXmUd/f1ou00VGRdCWcrf5/ZzkgsuXENXczmhhug7rGxlV03sNLp0swQGx2 espnoW2Xi6HbfoZfuy4RFGO05rOZCbLrlYDzySw5Zs/JuR8SIfEOnl4+QYOSMrMM Mrp4Wn5tCUu60Tg0WEGiOncCgYEAk6cTHp53/27IYT/HQKmbSskNfLX+c3ViXk4l EPikWKZOtOWGyzablvIDODdss3qrFDPK97gQ53X5qVQ/8xe9qepWnbmGa+5otjSq j1ljtvPHIXBVPewmInCv6ygb37LR3/C2aXB0vMVoFaeXGxSkEfccCI+fohqYJeOK TRZunJkCgYAxIGFRbutiaj6UfhcnlQqDweINVAqdAIxt8nM4vJdtVoIzs8jZdQap yRutayhUvBV2gp/mIXts2fjVZNP6OQbMyMxqJhR4mU+t3byZ7btrL35Lt9aaLg0d JM1+//zpCVq1zc63j+VQ8Wt/psRwAuUoWk/b1AbkeKIYRVFy/H/9MQ== -----END RSA PRIVATE KEY-----or you can download the certificate, it has password
jwt.careevolution.com.
Corresponding public certificate (to check if the signature is valid):
-----BEGIN CERTIFICATE----- MIIC9TCCAd2gAwIBAgIJAJVDz7qx3iFnMA0GCSqGSIb3DQEBCwUAMCAxHjAcBgNV BAMTFWp3dC5jYXJlZXZvbHV0aW9uLmNvbTAeFw0yMDAxMDkyMTMxMjRaFw0yNTA3 MDEyMTMxMjRaMCAxHjAcBgNVBAMTFWp3dC5jYXJlZXZvbHV0aW9uLmNvbTCCASIw DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMKxd5nqEilKtUHMYewmYNtJKHrO OKqLteOidm/RtjKNB7RJwpAyN8PgYQ1M1yunBlSgMo8qlAmL+CRZAcRo/cOg2uot +wk8s+UOiGePWzQ306em1MYWEWgWc2mS5XqRQFjIYDgND07uhvpuV8qwgUdgqp0c TLuN4Z3yDHN8VuoY4GniVGwQhvya8M7Q94fNhS75X0dpNGVuNz2KKk+KlUrBek97 VNyJunJAjk5TVfWlrxMdmHga4BseTK+uHygklKN3rgFuF8QkeKW7ZLfL7Tq4hrwx pIDDnaU9dq7soMUHZR5Uv426h4ceN+btuITnJq9/Hc4F3DeyG+60irUNjuMCAwEA AaMyMDAwCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMCBPAwEwYDVR0lBAwwCgYIKwYB BQUHAwIwDQYJKoZIhvcNAQELBQADggEBABfhf1OUsYlFuQ3fAVjkneHqnVvnUGdM 9Pm+k3aUMJ6qBHBrghoDyEjzBXR+YQSp6VeQUfbWhOPOleMdFmON2d+BRVXoZgoG JqVs32sS8jav0IH8oi9t+qZRXhCiLs0xNOhn/FdKqnxMfcrRq6knCw7b/WSsoHCS UoJ+GClRebRz4pTEJKR4wyxyCZsIMIOUlYcYG51kUDEAhxVKJHeYUawHjAFsiqFI m2J+PA1/XQaI9VXNNv+/WiHPIeMsyTff7kKHc/vvQ/LH66z80Oe5VY8kGt0rq6Jh IK8a/MmOxqlxuBIwwVwEtL9u/ThAywCHrlfFQ5fO1BevlhiAw+h33XY= -----END CERTIFICATE-----
The JWT must be signed using the RS256 algorithm (this is not conformant with the specifications that prescribe either RS384 or ES384 - but it is what we have at the moment)
The JWT must have the x5t header property set to kd_Uob1ueoByiUFZQaiS8tPdto4= (the thumbprint of the above certificate)
JWT header example:
{
"typ": "JWT",
"alg": "RS256",
"x5t": "kd_Uob1ueoByiUFZQaiS8tPdto4="
}
JWT body example:
{
"iss": "JWTClientCredentials",
"sub": "JWTClientCredentials",
"aud": "https://fhir.careevolution.com/Master.Adapter1.WebClient/identityserver/connect/token",
"exp": 1583332880,
"jti": "8b30fa537e075e98a3da4c6f5b64250f931fb3f85a386938d044f0a87176a381"
}