Apologies but I am very new to Powershell however I have a few basic API integrations setup that I need to move from basic auth to OAUTH (JWT).

I am trying to create a JWT and an RSA Certificate and sign the JWT with the RSA Certificate private key so that it can be consumed by a system I have an integration with in order to allow the integration to continue with the improved level of authentication.

Code I have created so far for JWT creation.
Note: “alg”=”HS256”, I know this needs to be changed to RS256 in order to sign it.

Import-Module E:JWTJWT.psm1

$kid = "INTEGRATION_NAME"
$exp = [int](Get-Date -UFormat %s) + 3600
$UID = $kid +"_"+ $exp #Generate unique ID by hashing Date/Time, Username
$payload = @{"aud" = "CLIENT_ID"; "sub" = "SERVICE_USER"; "iss" = "itsm-incident-request-api"; "jti" = $UID; "exp" = $exp}
$Header = @{"type"="JWT"; "alg"="HS256";"kid"=$kid}


$jwt = New-Jwt -Header ($Header | ConvertTo-Json) -PayloadJson ($payload | ConvertTo-Json) -Secret 'CLIENT_SECRET'

Write-Output $jwt

Code I have created to for the creation of the RSA key pair.

$store = "cert:CurrentUserMy"

$params = @{
 CertStoreLocation = $store
 Subject = "CN=INTEGRATION_NAME"
# Subject = "CN=Test1"
 KeyLength = 2048
 KeyAlgorithm = "RSA" 
 KeyUsage = "DigitalSignature"
 Type = "Custom"
}

# generate new certificate and add it to certificate store
$cert = New-SelfSignedCertificate @params

Get-ChildItem -path $store

$pwd = ("P@ssword" | ConvertTo-SecureString -AsPlainText -Force)
$privateKey = "E:JWTprivate.pfx"
$publicKey = "E:JWTpublic.cer"

# Export private key as PFX certificate, to use those Keys on different machine/user
Export-PfxCertificate -FilePath $privateKey -Cert $cert -Password $pwd
Write-Output $privateKey

# Export Public key, to share with other users
Export-Certificate -FilePath $publicKey -Cert $cert
Write-Output $publicKey

#$cert | Remove-Item

Finally the code I have created to try and sign a new JWT token which I just cant get to work.

Import-Module E:JWTJWT.psm1
$Cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("E:JWTprivate.pfx","P@ssword")


$Cert = (Get-ChildItem Cert:CurrentUserMy)[23]
Write-Output $Cert


$kid = "INTEGRATION_NAME"
$exp = [int](Get-Date -UFormat %s) + 3600
$UID = $kid +"_"+ $exp #Generate unique ID by hashing Date/Time, Username
$payload = @{"aud" = "CLIENT_ID"; "sub" = "SERVICE_USER"; "iss" = "itsm-incident-request-api"; "jti" = $UID; "exp" = $exp}
$Header = @{"type"="JWT"; "alg"="RS256";"kid"=$kid}

$jwt = New-Jwt -Cert $Cert -Header ($Header | ConvertTo-Json) -PayloadJson ($payload | ConvertTo-Json) -Secret 'CLIENT_SECRET'

And the result I get is There's no private key in the supplied certificate - cannot sign

I am not sure what I am doing wrong, I have tried to rewrite the code above in different ways, i have tried to reference the certificate from the user store ($Cert = (Get-ChildItem Cert:CurrentUserMy)[23]) but its the same result. I am not sure what I am doing wrong.

Any help / guidance would be greatly appreciated.