JWT SSO for private content - invalid secret key for RS256 signing algorithm

devcturla · ‎Apr 26, 2022

What's the correct value for the Secret Key form if the signing algorithm is RS256? I'm using the client secret key from the application settings on Cognito but I'm getting Invalid JWT Settings.

Jaycee_Lewis · ‎May 2, 2022

Hey @devcturla I have an update from our internal resources.

The most likely reason for the error 'Your Secret key is not valid' is either:

a.) They're entering in the 'private key' for their SSO implementation, we actually expect their 'public key'

b.) The secret key doesn't match the signing algorithm

Thanks! – Jaycee

Loop Marketing is a new four-stage approach that combines AI efficiency and human authenticity to drive growth.

Learn More

View solution in original post

NMakar · ‎Nov 17, 2022

@devcturla did you reach a solution?

Jaycee_Lewis · ‎May 2, 2022

Hey @devcturla I have an update from our internal resources.

The most likely reason for the error 'Your Secret key is not valid' is either:

a.) They're entering in the 'private key' for their SSO implementation, we actually expect their 'public key'

b.) The secret key doesn't match the signing algorithm

Thanks! – Jaycee

Loop Marketing is a new four-stage approach that combines AI efficiency and human authenticity to drive growth.

Learn More

Jaycee_Lewis · ‎Apr 28, 2022

Hey, @devcturla 👋. Thanks for the great question! I am doing a bit of research for us and I'll follow up here.

Additionally, I found this thread for a similar case but it didn't provide the specific bit of custom coding required https://community.hubspot.com/t5/APIs-Integrations/JWT-SSO-for-Private-Content-Invalid-Requirements-...

Talk soon 🧡
Jaycee

Loop Marketing is a new four-stage approach that combines AI efficiency and human authenticity to drive growth.

Learn More

JWT SSO for private content - invalid secret key for RS256 signing algorithm

Sign up for the Developer Newsletter