.net core 3.1 – How do I create a JWK from PFX certificate?

Background: I’m trying to create a JWK from a PFX file so that I’m able to use the Okta SDK.

The OktaClient expects the private key in the form of a JWK. An example I stole from their unit tests looks like this:

{
    "p": "{{lots_of_characters}}",
    "kty": "RSA",
    "q": "{{lots_of_characters}}",
    "d": "{{lots_of_characters}}",
    "e": "AQAB",
    "kid": "3d3062f5-16a4-42b5-837b-19b6ef1a0edc",
    "qi": "{{lots_of_characters}}",
    "dp": "{{lots_of_characters}}",
    "dq": "{{lots_of_characters}}",
    "n": "{{lots_of_characters}}"
}

Everything I’ve tried results in the exception “Something went wrong when creating the signed JWT. Verify your private key.” I believe this is because I’m losing the private key part of the cert when I use the IdentityModel convert method (noted below).

var signingCert = new X509Certificate2("{{my_cert}}.pfx", "{{my_passphrase}}");
var rsaPrivateKey = signingCert.GetRSAPrivateKey();
var rsaPrivateSecurityKey = new RsaSecurityKey(rsaPrivateKey);

// The "HasPrivateKey" flag is suddenly false on the resulting object from this method
var rsaPrivateJwk = JsonWebKeyConverter.ConvertFromRSASecurityKey(rsaPrivateSecurityKey);

var rsaPrivateJwkSerialized = JsonSerializer.Serialize(rsaPrivateJwk);

var oktaClientConfig = new OktaClientConfiguration
{
    OktaDomain = "{{my_okta_domain}}",
    ClientId = "{{my_client_id}}",
    AuthorizationMode = AuthorizationMode.PrivateKey,
    PrivateKey = new JsonWebKeyConfiguration(rsaPrivateJwkSerialized),
    Scopes = new List<string> {"okta.users.manage"}
};

var oktaClient = new OktaClient(oktaClientConfig);

// This throws when trying to self-sign the JWT using my private key
var oktaUsers = await oktaClient.Users.ListUsers().ToArrayAsync();
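
One way to build the private JWK straight from the PFX, as an added example that is not part of the original question, the Okta SDK or IdentityModel. It assumes the private half is being lost because the key was not loaded as exportable; `PfxToJwk`, `ExportPrivateJwk` and the argument names are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text.Json;
using Microsoft.IdentityModel.Tokens; // Base64UrlEncoder

public static class PfxToJwk
{
    // Hypothetical helper: returns the RSA private key of a PFX as a JWK JSON string.
    public static string ExportPrivateJwk(string pfxPath, string passphrase, string kid)
    {
        // Assumption: without the Exportable flag the private parameters
        // cannot be read back out of the platform key store.
        using var cert = new X509Certificate2(
            pfxPath, passphrase, X509KeyStorageFlags.Exportable);

        using RSA rsa = cert.GetRSAPrivateKey()
            ?? throw new InvalidOperationException("PFX holds no RSA private key.");

        // Fails with CryptographicException if the private half cannot be
        // exported, so a public-only JWK is never produced by accident.
        RSAParameters p = rsa.ExportParameters(includePrivateParameters: true);
        try
        {
            // JWK members are the unpadded base64url of the big-endian integers.
            var jwk = new Dictionary<string, string>
            {
                ["kty"] = "RSA",
                ["kid"] = kid,
                ["n"]  = Base64UrlEncoder.Encode(p.Modulus),
                ["e"]  = Base64UrlEncoder.Encode(p.Exponent),
                ["d"]  = Base64UrlEncoder.Encode(p.D),
                ["p"]  = Base64UrlEncoder.Encode(p.P),
                ["q"]  = Base64UrlEncoder.Encode(p.Q),
                ["dp"] = Base64UrlEncoder.Encode(p.DP),
                ["dq"] = Base64UrlEncoder.Encode(p.DQ),
                ["qi"] = Base64UrlEncoder.Encode(p.InverseQ)
            };
            return JsonSerializer.Serialize(jwk);
        }
        finally
        {
            // Wipe the exported private material from managed memory.
            foreach (var buf in new[] { p.D, p.P, p.Q, p.DP, p.DQ, p.InverseQ })
                CryptographicOperations.ZeroMemory(buf);
        }
    }
}
```

The returned string contains the full private key, so keep it out of logs, exception messages and source control, and pass it only to the `PrivateKey` setting.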