OutSystems.NssJWT_Core.JwtException: Unable to open private key.
Application Type
Service Studio Version
11.14.16 (Build 60354)
Platform Version
11.13.2 (Build 32392)


I'm trying to use the JWT_Core dependency to create a JWT token so I can call Google Analytics API.

I created a Service Account in Google Cloud Platform, and generated a private key. The private key generated by Google is password-less.

I filled in the token payload, and for the TokenAsymmetricSigningCredentials, I specified:

  • algorithm: "RS256"
  • KeyId : keyId provided by Google
  • PrivateKey : private key provided by Google in PEM format: "-----BEGIN PRIVATE KEY----- blablabla -----END PRIVATE KEY-----"

However, when calling the CreateToken server action from  JWT_Core, I get the error: "Unable to open private key. Validate if private key in PEM format and password is correct."

What can I do, considering that Google does not provide a password-less private key? 

I also tried to use the CreateSignedAsymmetricTokenWithJsonWebKey server action of JWT module from the Forge (instead of JWT_Core), but was unable to set my private key in the field "JWKPlain" as Outsystems told me the content of the field was invalid. 

Thanks for your help


Hi Daniel,

I recently helped implement google auth using a service account to access a google API, if I remember correctly you should use the CreateSignedAsymmetricTokenWithPemKey action (JWT module) to create the token and when generating the keys google returns you a json file with the private key were each part of the private key is separated by \n, you cannot just copy that field, it should go from this:

"-----BEGIN PRIVATE KEY-----\nABCD\nABCD\n[...]\n-----END PRIVATE KEY-----\n"

To this:





-----END PRIVATE KEY-----"

Feed the private key string like that to the action and don't forget to fill in the rest of the mandatory fields like KeyId, Issuer, IssuedAt, Audience and Claims.

Hope it helps.

Community GuidelinesBe kind and respectful, give credit to the original source of content, and search for duplicates before posting.