SMART/FHIR proxy server and app launcher

Launcher for SMART apps

OIDC Keys generation

To generate new private and public keys, make sure you have openssl installed (it comes pre-installed on the Mac), cd to the project root and execute:

npm run cert

Then restart the server and it will use the new keys.

OIDC Token verification

If you want to verify the tokens, follow this procedure:

  1. Point your server to /.well-known/openid-configuration/. This should render a JSON document with a link to another file like this:
    "jwks_uri": "http://localhost:8443/keys"
  2. Follow that link and it should return an array with one or more JWK keys like this:
    {
      "keys": [
        {
          "alg": "RS256",
          "kid": "9c37bf73343adb93920a7ae80260b0e57684551e",
          "use": "sig",
          "kty": "RSA",
          // ...
        }
      ]
    }
  3. Use the first key and extract the public key out of it. To do so, you can use tools like jwk-to-pem. Something like this would be the basic example:
    const jwt = require("jsonwebtoken");
    const jwkToPem = require("jwk-to-pem");

    const JWK_KEY = getJwkKeySomehow(); // as described above
    const ID_TOKEN = getIdTokenSomehow();
    try {
        // Pin the accepted algorithm so the token header cannot select another one
        jwt.verify(ID_TOKEN, jwkToPem(JWK_KEY), { algorithms: ["RS256"] });
    } catch (ex) {
        // Cannot verify the token...
    }

Libraries like can be used to automate this process.
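
The verification procedure above, as an added example that is not part of the project's own code: it uses only Node's built-in crypto module, and it goes slightly beyond the steps by selecting the JWKS entry by the token's kid instead of taking the first key and by checking exp. The key pair, the kid "sample-key-1" and the names signSample and verifyIdToken are constructed for this illustration.

```javascript
const crypto = require("crypto");

const b64url = (s) => Buffer.from(s).toString("base64url");

// Constructed sample data: a throwaway RSA key pair standing in for the server's
// key, published in the same shape as the document served at jwks_uri.
const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
const SAMPLE_JWKS = {
  keys: [{ ...publicKey.export({ format: "jwk" }), alg: "RS256", use: "sig", kid: "sample-key-1" }],
};

// Helper for the demo only: sign a compact RS256 JWT with the sample private key.
function signSample(payload, kid = "sample-key-1") {
  const header = b64url(JSON.stringify({ alg: "RS256", typ: "JWT", kid }));
  const input = header + "." + b64url(JSON.stringify(payload));
  return input + "." + crypto.sign("RSA-SHA256", Buffer.from(input), privateKey).toString("base64url");
}

// Verify an id_token against a JWKS. Returns the decoded payload or throws.
function verifyIdToken(token, jwks, now = Math.floor(Date.now() / 1000)) {
  const parts = token.split(".");
  if (parts.length !== 3) throw new Error("malformed token");
  const header = JSON.parse(Buffer.from(parts[0], "base64url").toString("utf8"));

  // Pin the algorithm: the token header must not be able to choose "none" or an HMAC alg.
  if (header.alg !== "RS256") throw new Error("unexpected alg: " + header.alg);

  // Select the signing key by kid so key rotation does not break verification.
  const jwk = jwks.keys.find((k) => k.kid === header.kid && k.kty === "RSA" && k.use === "sig");
  if (!jwk) throw new Error("no matching key for kid " + header.kid);

  // Node imports the JWK directly, so no PEM conversion step is needed here.
  const key = crypto.createPublicKey({ key: jwk, format: "jwk" });
  const signed = Buffer.from(parts[0] + "." + parts[1]);
  if (!crypto.verify("RSA-SHA256", signed, key, Buffer.from(parts[2], "base64url"))) {
    throw new Error("bad signature");
  }

  const payload = JSON.parse(Buffer.from(parts[1], "base64url").toString("utf8"));
  if (typeof payload.exp === "number" && payload.exp <= now) throw new Error("token expired");
  return payload;
}
```

Against the real server, replace SAMPLE_JWKS with the parsed JSON fetched from the jwks_uri value in /.well-known/openid-configuration/.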

Notes about

People often use to generate and validate tokens. However, it seems that the RS256 signature verification feature expects you to paste an X.509-formatted public key or certificate and does not work with PEM-encoded PKCS#1 public keys. For that reason, if you want to manually verify your token at, you will need to provide the original X.509 version of the public key, which you can find at the /public_key endpoint of the server.

Using Docker

docker run -t -p 9009:80 smartonfhir/smart-launcher:latest