How do I create an OktaClient using PrivateKey authorization in the dotnet SDK?
There are not any examples I can find in the documentation. I have a .pfx file and am able to create an X509Certificate2 from the file, but can not, for the life of me, figure out how to convert it to the format required by the JsonWebKeyConfiguration.
The only partial example I’ve found is from a unit test (https://github.com/okta/okta-sdk-dotnet/blob/ded2b51ce5534fa54d2099ce78bf674ba6978be4/src/Okta.Sdk.UnitTests/Internal/TestCryptoKeys.cs), but it’s already a serialized JWK.
What I’ve tried that doesn’t work, getting the error Something went wrong when creating the signed JWT. Verify your private key.:
var signingCert = new X509Certificate2("{{my_cert}}.pfx", "{{pass_phrase}}");
var privateKey = signingCert.GetRSAPrivateKey();
// Also tried this
// var privateKey = new X509SecurityKey(signingCert);
var jwk = Microsoft.IdentityModel.Tokens.JsonWebKeyConverter.ConvertFromX509SecurityKey(privateKey);
var jwkSerialized = JsonSerializer.Serialize(jwk);
but jwkSerialized looks like
{
"AdditionalData": {},
"Alg": null,
"Crv": null,
"D": null,
"DP": null,
"DQ": null,
"E": null,
"K": null,
"KeyId": "{{hidden}}",
"KeyOps": [],
"Kid": "{{hidden}}",
"Kty": "RSA",
"N": null,
"Oth": null,
"P": null,
"Q": null,
"QI": null,
"Use": null,
"X": null,
"X5c": [
"{{base64_encoded_cert_hidden}}"
],
"X5t": "{{hidden}}",
"X5tS256": null,
"X5u": null,
"Y": null,
"KeySize": 0,
"HasPrivateKey": false,
"CryptoProviderFactory": {
"CryptoProviderCache": {},
"CustomCryptoProvider": null,
"CacheSignatureProviders": true
}
}
Additionally, it’d be great if the private key could be passed to the client configuration rather then sending in a JSON blob as a string, having it converted to an object (JsonWebKeyConfiguration), then converted back to JSON (The latter steps happening under the hood). JsonWebKeyConfiguration should just accept a SecurityKey in its constructor IMO.