Set Up the Private Key JWT Flow in Three Python Commands

The Private Key JWT flow is one of the more complicated OIDC flows to set up. At Okta, it’s commonly used to get OAuth4Okta access tokens, which enable you to perform management tasks on your org. If you already know HOW it works and just want to get to the code, click here to skip ahead. If you’re looking to gain a better understanding of how it works, here’s a high-level explanation:


This is a companion discussion topic for the original entry at https://developer.okta.com/blog/2021/11/15/private-key-jwt-python

Thank you very much for sharing the article, it makes it easy for us to understand how it works.

If my knowledge is correct, normally the SP means Service Provider, but here it should be the service client that generates a public/private key pair and shares the public key with the IdP.

Hi there @hongjie ,

Welcome to the community!

Thank you for clarifying. I agree with you. The OAuth client generates a public/private key pair and shares the public key with the IdP. In this scenario, the client is a service app.

I’ll get it on our backlog to update the text in the post.

Happy coding!

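The exchange agreed on in the replies above, as an added example (not code from the original post): the OAuth client generates the key pair, signs a `client_assertion` for the token endpoint with the private key, and the IdP side verifies it with the registered public key before trusting the claims. The client ID and token endpoint are constructed placeholders, and the signing uses the `cryptography` library rather than a JWT package so the assertion's structure is visible.

```python
import base64
import json
import time
import uuid
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa

# Constructed placeholders: not a real org or client ID.
CLIENT_ID = "0oaexampleclientid"
TOKEN_ENDPOINT = "https://example.okta.com/oauth2/v1/token"
ASSERTION_TYPE = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"

def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def generate_keypair():
    """Client side: create the key pair. Only the public half is registered with the IdP."""
    private_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    return private_key, private_key.public_key()

def build_client_assertion(private_key, client_id, token_endpoint, lifetime=300):
    """Client side: sign a short-lived RS256 JWT with the RFC 7523 client-assertion claims."""
    now = int(time.time())
    header = {"alg": "RS256", "typ": "JWT"}
    claims = {"iss": client_id, "sub": client_id, "aud": token_endpoint,
              "iat": now, "exp": now + lifetime, "jti": str(uuid.uuid4())}
    signing_input = ".".join(b64url_encode(json.dumps(p, separators=(",", ":")).encode())
                             for p in (header, claims))
    signature = private_key.sign(signing_input.encode(), padding.PKCS1v15(), hashes.SHA256())
    return f"{signing_input}.{b64url_encode(signature)}"

def token_request_body(assertion: str) -> dict:
    """Client side: form fields posted to the token endpoint instead of a client secret."""
    return {"grant_type": "client_credentials", "scope": "okta.users.read",
            "client_assertion_type": ASSERTION_TYPE, "client_assertion": assertion}

def verify_client_assertion(public_key, assertion, client_id, token_endpoint) -> bool:
    """IdP side: pin the algorithm, check the signature with the registered key, then the claims."""
    header_b64, claims_b64, sig_b64 = assertion.split(".")
    if json.loads(b64url_decode(header_b64)).get("alg") != "RS256":
        return False  # never let the token choose the algorithm
    try:
        public_key.verify(b64url_decode(sig_b64), f"{header_b64}.{claims_b64}".encode(),
                          padding.PKCS1v15(), hashes.SHA256())
    except InvalidSignature:
        return False
    claims = json.loads(b64url_decode(claims_b64))
    return (claims.get("iss") == client_id and claims.get("sub") == client_id
            and claims.get("aud") == token_endpoint and claims.get("exp", 0) > int(time.time()))
```

In the real flow the body from `token_request_body` is POSTed to the token endpoint and the IdP performs the check shown in `verify_client_assertion` with the public key you registered on the service app.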

@alisaduncan Thanks. :slightly_smiling_face: