Build a JWT With a Private Key

If you configured your client to use the private_key_jwt client authentication method, then you want to build a JWT that you sign with your private key using an RSA or ECDSA algorithm (RS256, RS384, RS512, ES256, ES384, ES512).

Using the NJWT library:

const njwt = require('njwt');

const privateKey = // Load an RSA private key from configuration
const clientId = "{clientId}"; // Or load from configuration
const now = Math.floor( new Date().getTime() / 1000 ); // seconds since epoch
const plus5Minutes = new Date( ( now + (5*60) ) * 1000); // Date object

const claims = {
  aud: "https://${yourOktaDomain}/oauth2/default/v1/token", // audience
};

const jwt = njwt.create(claims, privateKey)
  .setIssuedAt(now)
  .setExpiration(plus5Minutes)
  .setIssuer(clientId)
  .setSubject(clientId)
  .compact();

Next Steps

Build a JWT With a Private Key

On This Page