A way to assign keys for signing inside the dev console / classic UI to an existing application?

I’ve realised that the JWTs I’ve been getting can be validated on my server without a public key… obviously this isn’t great so I went hunting for a way to add a key for signing to my application in the Okta UI and I can’t see it anywhere.

This guide: https://developer.okta.com/docs/guides/implement-oauth-for-okta-serviceapp/-/create-publicprivate-keypair/ seems a little vague. Is it the best one? The next steps ask me to create a client via the API.

Am I missing something? I was expecting to be able to add a key somewhere in the menus - but I’ve already created a client. I guess a good question is - can I add a key (JWKS?) to an existing application?

Any help is greatly appreciated.


Ah wait a minute - I think I misunderstood. Don’t need to do that as my back-end is looking at the key provided at https://DOMAIN.okta.com/oauth2/default/v1/keys - right?

Should I trust that this key is secure etc?

That’s correct. The public keys can be found on the /keys endpoint (https://developer.okta.com/docs/reference/api/oidc/#keys). You can usually find the URL from the metadata URL.