PowerShell and JSON Web Token Handler

Yesterday, I was trying to get the Google Admin SDK Directory API (which replaces the Google Apps Provisioning API) to work with PowerShell and the JSON Web Token (JWT) Handler.

Unfortunately, JWT Handler did not like the certificate generated by the Google APIs console. I kept receiving the following error:

Exception calling "WriteToken" with "1" argument(s): "Jwt10530: The 'System.IdentityModel.Tokens.X509AsymmetricSecurityKey' for signing cannot be smaller than '2048' bits. Parameter name: key.KeySize Actual value was 1024."

The Google APIs console generates a private key of 1024 bits, and JWT Handler requires the private key to be at least 2048 bits. The only way I saw to get around this was not to use JWT Handler when connecting to Google's new APIs. (A future post will demonstrate this. Update 2020-03-19, here it is)
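The key-size condition behind this error can be checked on a certificate before it is handed to JWT Handler. The following is an added example, not code from the original post; the function name `Test-JwtSigningCertificate` and the path `D:\sample.pfx` are assumptions, and the 2048-bit minimum is the value quoted in the error message.

```powershell
# Added example: pre-flight check of a PFX against the 2048-bit minimum
# reported by Jwt10530. Function name and sample path are hypothetical.
function Test-JwtSigningCertificate {
    param(
        [Parameter(Mandatory = $true)][string]$PfxPath,
        [Parameter(Mandatory = $true)][System.Security.SecureString]$Password,
        [int]$MinimumKeySize = 2048   # taken from the error message
    )

    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 `
        -ArgumentList $PfxPath, $Password

    $problems = @()
    $keySize  = $null

    # A certificate without its private key can verify tokens but not sign them.
    if (-not $cert.HasPrivateKey) {
        $problems += 'PFX contains no private key, so it cannot be used for signing'
    }

    # 1.2.840.113549.1.1.1 is the OID for an RSA public key.
    if ($cert.PublicKey.Oid.Value -ne '1.2.840.113549.1.1.1') {
        $problems += "Public key algorithm is $($cert.PublicKey.Oid.FriendlyName), not RSA"
    }
    else {
        $keySize = $cert.PublicKey.Key.KeySize
        if ($keySize -lt $MinimumKeySize) {
            $problems += "RSA key is $keySize bits; at least $MinimumKeySize bits are required"
        }
    }

    [pscustomobject]@{
        Subject    = $cert.Subject
        Thumbprint = $cert.Thumbprint
        KeySize    = $keySize
        Usable     = ($problems.Count -eq 0)
        Problems   = $problems
    }
}

# Prompt for the export password instead of embedding it in the script.
$password = Read-Host -AsSecureString 'PFX export password'
$result   = Test-JwtSigningCertificate -PfxPath 'D:\sample.pfx' -Password $password
$result | Format-List
if (-not $result.Usable) { throw ($result.Problems -join '; ') }
```

Run against a 1024-bit key, the check fails with a readable message before `WriteToken` is ever called.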

If you are working with JWT-enabled web services that support private keys of 2048 bits or greater, then you can use the PowerShell code below.

Tested using Windows 8, PowerShell 3.0, .NET Framework 4.5, JSON Web Token Handler For the Microsoft .Net Framework 4.5 1.0, Win32 OpenSSL 1.0.1e, NuGet Command-Line Utility 2.7.

  1. Download NuGet Command-Line Utility.
  2. Install the JWT Handler:
    nuget.exe Install System.IdentityModel.Tokens.Jwt
  3. Generate test certificate:
    set OPENSSL_CONF=C:\OpenSSL-Win64\bin\openssl.cfg

    C:\OpenSSL-Win64\bin\openssl.exe req -x509 -nodes -days 365 -newkey rsa:2048 -keyout D:\myapp.key -out D:\myapp.crt

    C:\OpenSSL-Win64\bin\openssl.exe pkcs12 -export -in D:\myapp.crt -inkey D:\myapp.key -out D:\myapp.pfx