We are using a Service App (client credentials grant flow) with the Okta Java SDK to access the Okta API.
I have created the Service App by following
We need to rotate the JWKS/public-private keys. It looks like I can update the public key using “Update Client Application” (see link below), but I don’t see how to specify the key to be used on the client (old vs. new key, when the key is updated).
I found the link below, and it looks like the key ID (“kid”) needs to be set to specify the key to be used, but I don’t see a way to set the kid using the Okta Java SDK.
And below is how we connect to the Okta API via the Okta Java SDK.
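```java
import com.okta.sdk.client.AuthorizationMode;
import com.okta.sdk.client.Client;
import com.okta.sdk.client.Clients;

Client client = Clients.builder()
    .setOrgUrl(orgUrl)
    .setClientId(clientId)   // client ID of the service app
    .setAuthorizationMode(AuthorizationMode.PRIVATE_KEY)
    .setPrivateKey(privateKey())
    .setScopes(scopes)       // Okta API scopes
    .build();
```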
Note that the privateKey() method above returns the private key. My question is how to rotate the public key on the Okta Service app. That way, if the public key is rotated, the privateKey() method will return the new private key associated with the latest public key update on the Service App.
Note: You can’t use the access token from a service app to update the JWKS for the service app itself. You will need to use an Okta API token instead to make the request.
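The role of `kid` during a rotation, as an added example (not part of the original post, and not Okta's or the Okta Java SDK's code): it uses only JDK classes, and the key IDs `key-2023` / `key-2024` and the client ID are constructed values. While both public keys are registered, an assertion signed with either private key verifies; once the old public key is removed, assertions signed with the old key are rejected.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;

public class KidRotationDemo {
    static final Base64.Encoder B64 = Base64.getUrlEncoder().withoutPadding();
    // Sign a compact RS256 JWT whose header names the signing key via "kid".
    static String sign(String kid, PrivateKey key, String claimsJson) throws GeneralSecurityException {
        String header = "{\"alg\":\"RS256\",\"kid\":\"" + kid + "\"}";
        String input = B64.encodeToString(header.getBytes(StandardCharsets.UTF_8)) + "."
                + B64.encodeToString(claimsJson.getBytes(StandardCharsets.UTF_8));
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(key);
        s.update(input.getBytes(StandardCharsets.US_ASCII));
        return input + "." + B64.encodeToString(s.sign());
    }

    // Verifier side: look up the public key by kid (simplified parsing; use a JWT library in real code).
    static boolean verify(String jwt, Map<String, PublicKey> registered) throws GeneralSecurityException {
        String[] p = jwt.split("\\.");
        if (p.length != 3) return false;
        String header = new String(Base64.getUrlDecoder().decode(p[0]), StandardCharsets.UTF_8);
        int i = header.indexOf("\"kid\":\"");
        if (i < 0) return false;                      // no kid: nothing to select a key with
        String kid = header.substring(i + 7, header.indexOf('"', i + 7));
        PublicKey pub = registered.get(kid);
        if (pub == null) return false;                // unknown or retired kid
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(pub);
        s.update((p[0] + "." + p[1]).getBytes(StandardCharsets.US_ASCII));
        return s.verify(Base64.getUrlDecoder().decode(p[2]));
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair oldKey = gen.generateKeyPair(), newKey = gen.generateKeyPair();
        String claims = "{\"iss\":\"constructed-client-id\",\"sub\":\"constructed-client-id\"}";
        // Overlap window: both public keys are registered, so either private key works.
        Map<String, PublicKey> jwks = new HashMap<>();
        jwks.put("key-2023", oldKey.getPublic());
        jwks.put("key-2024", newKey.getPublic());
        System.out.println("old key, overlap: " + verify(sign("key-2023", oldKey.getPrivate(), claims), jwks));
        System.out.println("new key, overlap: " + verify(sign("key-2024", newKey.getPrivate(), claims), jwks));
        // After the old public key is removed, assertions signed with it are rejected.
        jwks.remove("key-2023");
        System.out.println("old key, retired: " + verify(sign("key-2023", oldKey.getPrivate(), claims), jwks));
    }
}
```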