I need to create a JWT to connect to the Epic FHIR server sandbox.
https://fhir.epic.com/Documentation?docId=oauth2&section=BackendOAuth2Guide
You will generate a one-time use JSON Web Token (JWT) to authenticate your app to the authorization server and obtain an access token that can be used to authenticate your app's web service calls. There are several libraries for creating JWTs. See jwt.io for some examples.
The header and payload are then base64 URL encoded, combined with a period separating them, and cryptographically signed using the private key to generate a signature.
I attempted using this code:
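/// Builds a client-assertion JWT for the Epic FHIR sandbox token endpoint,
/// signs it with RS384 and returns it in compact form
/// (base64url(header) "." base64url(payload) "." base64url(signature)).
/// Returns "" when signing fails.
/// NOTE(review): the declared return type stays %Status so existing callers
/// are unaffected, but (as in the original) the value returned is a string,
/// not a status code - consider changing it to %String.
ClassMethod test2() As %Status
{
    #Dim sigJOSE As %DynamicObject
    #Dim claims As %DynamicObject

    // All three time claims are derived from the same timestamp.
    Set ts = $ZTIMESTAMP
    Set iat = ##class(%OAuth2.Utils).TimeInSeconds(ts,0)
    Set nbf = iat
    // NOTE(review): 300 s lifetime kept from the original; confirm it does not
    // exceed the maximum the authorization server accepts for exp.
    Set exp = ##class(%OAuth2.Utils).TimeInSeconds(ts,300)

    // JOSE header
    Set sigJOSE = {}
    Set sigJOSE.alg = "RS384"
    Set sigJOSE.typ = "JWT"

    // Claims. iss and sub are both the client ID of the registered app.
    Set claims = {}
    Set claims.iss = "863e73c5-9839-4b54-8205-c9404d2bb762"
    Set claims.sub = claims.iss
    Set claims.aud = "https://fhir.epic.com/interconnect-fhir-oauth/oauth2/token"
    // The token is one-time use, so jti must be unique for every JWT. A
    // hard-coded value is rejected as a replay the second time it is sent.
    Set claims.jti = $System.Util.CreateGUID()
    Set claims.exp = exp
    Set claims.nbf = nbf
    Set claims.iat = iat

    // JWT segments are UTF-8 bytes, base64url encoded: no line breaks
    // (flag 1), "+" and "/" replaced by "-" and "_", "=" padding removed.
    // $Translate drops "=" because it has no counterpart in the third argument.
    Set header = $ZConvert(sigJOSE.%ToJSON(),"O","UTF8")
    Set payload = $ZConvert(claims.%ToJSON(),"O","UTF8")
    Set b64Header = $Translate(##class(%SYSTEM.Encryption).Base64Encode(header,1),"+/=","-_")
    Set b64Payload = $Translate(##class(%SYSTEM.Encryption).Base64Encode(payload,1),"+/=","-_")
    Set tData = b64Header_"."_b64Payload

    // The alternative left commented out in the original was
    // ##class(%Net.JSON.JWT).Create(sigJOSE,{},claims,sigJWKS,encJWKS,.JWT),
    // which needs the signing key supplied as a JWKS.

    // RS384 is RSASSA-PKCS1-v1_5 with SHA-384, a SHA-2 hash, so the signature
    // comes from RSASHASign. RSASHA3Sign uses SHA-3 and produces a signature
    // that an RS384 verifier cannot validate.
    // ..PrivateKey() is expected to return the PEM-encoded private key whose
    // public half is registered with the authorization server - verify.
    Set key = ..PrivateKey()
    Set signature = ##class(%SYSTEM.Encryption).RSASHASign(384, tData, key)
    If signature = "" {
        // Report the reason without dumping local variables. The argumentless
        // ZWRITE in the original printed every local, including the private key.
        Write "RSASHASign failed: ", ##class(%SYSTEM.Encryption).RSAGetLastError(), !
        Quit ""
    }

    Set b64Signature = $Translate(##class(%SYSTEM.Encryption).Base64Encode(signature,1),"+/=","-_")
    Quit tData_"."_b64Signature
}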
x does not look like the expected value