Add external Idp with OIDC using private_key_jwk

Question

Add external Idp with OIDC using private_key_jwk

jenny hougen 5

I have setup an External identity with custom oidc. I want to use private_key_jwk, but I cannot find the place to provide my private key.

User's image

As specified in the documentation:

Client ID and Client Secret are the identifiers your identity provider uses to identify the registered application service. Client secret needs to be provided if client_secret authentication is selected. If private_key_jwt is selected, private key needs to be provided.

https://learn.microsoft.com/en-us/entra/external-id/customers/how-to-custom-oidc-federation-customers

Gudivada Adi Navya Sri 21,095 Reputation points Moderator

2025-01-03T21:14:17.35+00:00

Hi @jenny hougen

Thank you for posting this in Microsoft Q&A.

I have checked in my environment and noticed the same issue that you mentioned. When we select the client authentication type as private_key_jwt, there should be an option to provide the private key, but it is not available. I will discuss with my team on this and will update you.

Thanks,

Navya.
Givary-MSFT 35,786 Reputation points Microsoft Employee Moderator

2025-01-16T03:22:16.1733333+00:00

@jenny hougen Just checking in to see if below information was helpful. If you have any further updates on this issue, please feel free to post back.
Gudivada Adi Navya Sri 21,095 Reputation points Moderator

2025-01-20T16:52:01.1666667+00:00

Hi @jenny hougen

Following up to see if the below answer was helpful. If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.
Tauri Toel 0 Reputation points

2026-04-14T10:44:36.17+00:00

Hello!

Are there any updates on this issue ?
Doesn't seem to be working a year later.

1 answer

Your answer

Gudivada Adi Navya Sri 21,095 Reputation points Moderator

2025-01-03T21:14:17.35+00:00

Hi @jenny hougen

Thank you for posting this in Microsoft Q&A.

I have checked in my environment and noticed the same issue that you mentioned. When we select the client authentication type as private_key_jwt, there should be an option to provide the private key, but it is not available. I will discuss with my team on this and will update you.

Thanks,

Navya.
Givary-MSFT 35,786 Reputation points Microsoft Employee Moderator

2025-01-16T03:22:16.1733333+00:00

@jenny hougen Just checking in to see if below information was helpful. If you have any further updates on this issue, please feel free to post back.
Gudivada Adi Navya Sri 21,095 Reputation points Moderator

2025-01-20T16:52:01.1666667+00:00

Hi @jenny hougen

Following up to see if the below answer was helpful. If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.
Tauri Toel 0 Reputation points

2026-04-14T10:44:36.17+00:00

Hello!

Are there any updates on this issue ?
Doesn't seem to be working a year later.

Answer 1

Bora Ozbayburtlu 10

Thank you for the feedback, Jenny. For private_key_jwt implementation, you'll need to use the jwk endpoint which is expected to be predefined in the well-known endpoint. This structure is used for rolling keys automatically using the jwk endpoint. However, we also have alternative plans to support key pairs for private_key_jwt.

Mason Jones 0 Reputation points

2025-06-11T15:01:14.3266667+00:00

is there a timescale to providing support for private keys being entered manually?

Share via

Add external Idp with OIDC using private_key_jwk

1 answer

Your answer