Build a JWT With a Shared Key

If you configured your application to use the client_secret_jwt client authentication method, then you want to build a JWT that you sign with the client_secret using an HMAC SHA algorithm (HS256, HS384, or HS512).

Using the JJWT library:

String clientSecret = "{clientSecret}"; // Or load from configuration
SecretKey sharedSecret = Keys.hmacShaKeyFor(clientSecret.getBytes(StandardCharsets.UTF_8));
Instant now = Instant.now();

String jwt = Jwts.builder()
        .setAudience("https://${yourOktaDomain}/oauth2/default/v1/token")
        .setIssuedAt(Date.from(now))
        .setExpiration(Date.from(now.plus(5L, ChronoUnit.MINUTES)))
        .setIssuer(clientId)
        .setSubject(clientId)
        .setId(UUID.randomUUID().toString())
        .signWith(sharedSecret)
        .compact();

Next: Build a JWT With a Private Key

Build a JWT With a Shared Key

On This Page