OAuth 2.0 private key?


Can you please help explain in the YAML file for OAuth what is the private key from?

Thank you

Hi @Agets1981,

This is the private key from the keypair that you as a user generate. The corresponding public key is used to create the service app and finally get the access token using the client credentials flow.
If you’re not familiar with this flow, please read this - https://developer.okta.com/docs/guides/implement-oauth-for-okta-serviceapp/overview/

The following are the high-level steps required to perform the Client Credentials grant flow with an OAuth service app:

  1. Create a public/private JSON Web Key Set (JWKS) key pair and extract the public key to pass it along with the client creation API call.
  2. Create the app and register the public key with the app.
  3. Grant the required OAuth scopes to the app.
  4. Create a JSON Web Token (JWT) token and sign it using the private key for use as the client assertion when making the /token endpoint API call.

Steps 1 - 3 need to be performed by the user.
Step 4 is what the SDK does to get hold of an access token.

We will update the README to explain about the private key.
I generally use this to generate a keypair - https://mkjwk.org/
And this to convert it and get the private key PEM file - https://8gwifi.org/jwkconvertfunctions.jsp

Hope this helps.

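Steps 1 and 4 from the list above, sketched in Node.js as an added example (not part of the original posts and not the Okta SDK's own code). It generates the key pair locally with Node's built-in `crypto` module, so the private key never leaves the machine; the client ID, token URL, five-minute expiry and all function names are assumptions.

```javascript
// Added example, not Okta SDK code. Uses only Node's built-in crypto module.
const { generateKeyPairSync, createPublicKey, createSign, createVerify, randomUUID } =
  require('node:crypto');

const b64url = (text) => Buffer.from(text).toString('base64url');

// Step 1: generate the key pair locally. The public JWK is what gets registered
// with the service app; the private PEM is what the SDK configuration holds.
function generateKeyMaterial() {
  const { publicKey, privateKey } = generateKeyPairSync('rsa', { modulusLength: 2048 });
  return {
    publicJwk: publicKey.export({ format: 'jwk' }), // kty, n, e only: no private parts
    privatePem: privateKey.export({ type: 'pkcs8', format: 'pem' }),
  };
}

// Step 4: build the client assertion and sign it with the private key (RS256).
// clientId and tokenUrl are placeholders supplied by the caller.
function buildClientAssertion(privatePem, clientId, tokenUrl, now = Math.floor(Date.now() / 1000)) {
  const header = { alg: 'RS256', typ: 'JWT' };
  const claims = { iss: clientId, sub: clientId, aud: tokenUrl,
                   iat: now, exp: now + 300, jti: randomUUID() };
  const signingInput = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(claims))}`;
  const signature = createSign('RSA-SHA256').update(signingInput).sign(privatePem);
  return `${signingInput}.${signature.toString('base64url')}`;
}

// The check the authorization server can make with only the registered public key.
function verifyAssertion(jwt, publicJwk) {
  const [header, payload, signature] = jwt.split('.');
  const { kty, n, e } = publicJwk;
  const key = createPublicKey({ key: { kty, n, e }, format: 'jwk' });
  return createVerify('RSA-SHA256').update(`${header}.${payload}`)
    .verify(key, Buffer.from(signature, 'base64url'));
}

// Form body for the POST to the /token endpoint (client credentials grant).
function tokenRequestBody(assertion, scope) {
  return new URLSearchParams({
    grant_type: 'client_credentials',
    scope,
    client_assertion_type: 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer',
    client_assertion: assertion,
  }).toString();
}
```

Only `publicJwk` is sent to the authorization server; `privatePem` stays with the client and is the value the YAML configuration refers to.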

Hi @vijet and thanks for the answer

We will follow the guide you presented.

For now we want to implement the profile mastering using the Okta SDK to create users - is your guide applicable here too?

Yes @Agets1981.
There are 2 ways to use the SDK currently.
You can create a long-lived API token which can be used to create users using the SDK.
Or you can use the scoped OAuth access token, in which case the guide is applicable.
