> ## Documentation Index
> Fetch the complete documentation index at: https://bloodhound.specterops.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Okta_JWK

> An Okta JSON Web Key

<img noZoom src="https://mintcdn.com/specterops/tTIczgde9H07oLXf/assets/enterprise-AND-community-edition-pill-tag.svg?fit=max&auto=format&n=tTIczgde9H07oLXf&q=85&s=ad49a576589f4d2a8081df77d07fdf56" alt="Applies to BloodHound Enterprise and CE" width="482" height="45" data-path="assets/enterprise-AND-community-edition-pill-tag.svg" />

## Overview

JSON Web Keys (JWKs) are used by OAuth 2.0 client applications to authenticate with Okta using the `private_key_jwt` client authentication method. This is an asymmetric authentication mechanism where the application possesses a private key and Okta stores the corresponding public key. A service application can have multiple JWKs configured for key rotation purposes.

JWKs are represented as Okta\_JWK nodes in BloodHound.

## Edges

<Note>
  The tables below list edges defined by the Okta extension only. Additional edges to or from this node may be created by other extensions.
</Note>

### Inbound Edges

No inbound edges are defined by the Okta extension for this node.

### Outbound Edges

| Edge Type                                                  | Destination Node Types                                                 | Traversable |
| ---------------------------------------------------------- | ---------------------------------------------------------------------- | ----------- |
| [Okta\_KeyOf](/opengraph/extensions/okta/edges/okta_keyof) | [Okta\_Application](/opengraph/extensions/okta/nodes/okta_application) | ✅           |

## Properties

| Name          | Source                        | Type       | Description                                    |
| ------------- | ----------------------------- | ---------- | ---------------------------------------------- |
| `id`          | `jwk.id`                      | `string`   | Unique JSON Web Key identifier.                |
| `name`        | `jwk.kid` (fallback `jwk.id`) | `string`   | Key identifier used as node name.              |
| `displayName` | `jwk.kid` (fallback `jwk.id`) | `string`   | Display label used in BloodHound.              |
| `oktaDomain`  | Collector context (non-API)   | `string`   | Okta organization domain where the key exists. |
| `status`      | `jwk.status`                  | `string`   | Current lifecycle status of the key.           |
| `kid`         | `jwk.kid`                     | `string`   | JSON Web Key identifier (`kid`).               |
| `kty`         | `jwk.kty`                     | `string`   | Key type (`RSA`, `EC`, ...).                   |
| `use`         | `jwk.use`                     | `string`   | Intended key usage (`sig`, `enc`).             |
| `created`     | `jwk.created`                 | `datetime` | Key creation timestamp.                        |
| `lastUpdated` | `jwk.lastUpdated`             | `datetime` | Last update timestamp.                         |

## Sample Property Values

```yaml theme={null}
id: pksw0py294dQ80EdI697
name: ncxmNARybDrxlemwkrvyphCYQ2VwMG9cxV95jgVziZ4
displayName: ncxmNARybDrxlemwkrvyphCYQ2VwMG9cxV95jgVziZ4
oktaDomain: contoso.okta.com
status: ACTIVE
kid: ncxmNARybDrxlemwkrvyphCYQ2VwMG9cxV95jgVziZ4
kty: RSA
use: sig
created: 2025-10-02T10:14:44Z
lastUpdated: 2025-10-02T10:26:27Z
```