How to upload public key for an OpenID application

Hello!

I’m trying to upload a public key to be used by Okta to validate the signature of the JWT submitted with the authentication code request.

I’m getting as far as clicking the “Add Key”. But there is no option to upload, just paste, and when I paste the certificate, it displays an “Invalid JSON format” error.

I did try converting it to JSON format, but when I save it, it says “invalid date time”. And now that the key is saved, I can’t delete it.

My questions are:

  1. Is there a way to upload the public certificate (as opposed to paste?)
  2. Otherwise, is there a way to paste it in pem format as opposed to json format?
    I noticed it gives the pem option if you generate the key.
  3. Is there any way to delete the key once created?
  4. Is there any documentation on this procedure (I’ve looked, but might have missed it)

Thanks!

  1. Our APIs support adding/removing Public keys from OIDC apps (see details at the bottom of this post)
  2. We only support uploading public keys as JWKS, not PEM, so you will need to convert it first.
  3. When you tried to delete the key within the UI, did you make sure to add a new key first and then deactivate the old one?

    Once I added a second key to my app, I was able to set my first key to Inactive and then I was able to Delete it
  4. There is some information about how to configure an app for Private Key JWT auth in our guide on how to Implement OAuth for Okta with a service app. As far as using our API instead, as this is related to OIDC apps, the ability to configure this is available as part of the Dynamic Client Registration endpoint (which is part of the OAuth/OIDC specs) AND via Okta’s Apps endpoint
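The PEM-to-JWKS conversion that point 2 calls for, as an added example that is not part of the original thread and not Okta's own code. It assumes Node.js, an RSA key used with RS256, and a `kid` set to the RFC 7638 thumbprint; the function names are hypothetical and the key is a throwaway generated at run time.

```javascript
// Added example: PEM public key -> public-only JWK wrapped in a JWKS.
const crypto = require('node:crypto');

// createPublicKey() accepts a PEM public key (Node also accepts a PEM X.509
// certificate here) and derives the public half if handed a private key.
function pemToPublicJwk(pem) {
  const jwk = crypto.createPublicKey(pem).export({ format: 'jwk' });
  if (jwk.kty !== 'RSA') throw new Error(`expected an RSA key, got ${jwk.kty}`);
  // Defence in depth: never emit a JWK that carries private RSA members.
  for (const member of ['d', 'p', 'q', 'dp', 'dq', 'qi']) {
    if (member in jwk) throw new Error(`private member "${member}" present`);
  }
  // RFC 7638 thumbprint: SHA-256 over the required members in lexicographic
  // order with no whitespace, base64url-encoded. Used as the kid (assumption).
  const canonical = JSON.stringify({ e: jwk.e, kty: jwk.kty, n: jwk.n });
  const kid = crypto.createHash('sha256').update(canonical).digest('base64url');
  // use/alg are standard RFC 7517 members; RS256 is an assumption.
  return { kty: jwk.kty, kid, use: 'sig', alg: 'RS256', n: jwk.n, e: jwk.e };
}

// A JWKS is a JSON object with a "keys" array of JWKs.
function toJwks(pem) {
  return { keys: [pemToPublicJwk(pem)] };
}

// Constructed sample input: a throwaway 2048-bit key pair.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
  });
  const pem = publicKey.export({ type: 'spki', format: 'pem' });
  const jwks = toJwks(pem);
  // Round trip: rebuilding a key from n and e must give back the same PEM,
  // which confirms the JWK describes the key the JWT will be signed with.
  const { kty, n, e } = jwks.keys[0];
  const rebuilt = crypto.createPublicKey({ key: { kty, n, e }, format: 'jwk' });
  const roundTripOk = rebuilt.export({ type: 'spki', format: 'pem' }) === pem;
  const privatePem = privateKey.export({ type: 'pkcs8', format: 'pem' });
  return { jwks, roundTripOk, privatePem };
}

console.log(JSON.stringify(demo().jwks, null, 2));
```

The client must send the same `kid` in the header of the JWT it signs, so the verifier can select the matching key.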

Thanks so much! This was very helpful. I’ve gotten it to save the JWT, however, still no luck authenticating. I will post another question on that.
