Description
Describe the bug?
We're trying to use this SDK to call the Okta API with JWT-signed credentials.
When we configure it using JWT signing, it fails with a panic.
Code to reproduce
configSetters := []okta.ConfigSetter{
	okta.WithOrgUrl(oktaConfig.OrgUrl),
	okta.WithAuthorizationMode("JWT"),
	okta.WithClientId(oktaConfig.ClientID),
}
if oktaConfig.ScopesList != "" {
	configSetters = append(configSetters, okta.WithScopes(strings.Split(oktaConfig.ScopesList, ",")))
}
clientConfig, err := okta.NewConfiguration(configSetters...)
if err != nil {
	return nil, fmt.Errorf("error loading Okta config: %w", err)
}
// Documentation states that WithClientAssertion exists but it does not in the latest version
clientConfig.Okta.Client.ClientAssertion = oktaConfig.PrivateKey
client := okta.NewAPIClient(clientConfig)
// And now make any call
ctx := context.Background()
req := client.GroupAPI.ListGroups(ctx)
req = req.Limit(limit)
groups, resp, err := req.Execute() // <--- will fail with panic
What is expected to happen?
Should work with the code above
What is the actual behavior?
If you run this it will fail with this stacktrace
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x2 addr=0x0 pc=0x1026c4f08]
goroutine 1 [running]:
github.com/go-jose/go-jose/v3/jwt.(*signedBuilder).sign(0x140002662a0)
/Users/kirill.makhonin/go/pkg/mod/github.com/go-jose/go-jose/v3@v3.0.3/jwt/builder.go:225 +0x138
github.com/go-jose/go-jose/v3/jwt.(*signedBuilder).CompactSerialize(0x140002662a0)
/Users/kirill.makhonin/go/pkg/mod/github.com/go-jose/go-jose/v3@v3.0.3/jwt/builder.go:198 +0x3c
github.com/okta/okta-sdk-golang/v5/okta.createClientAssertion({0x140004e61a0, 0x1d}, {0x0, 0x0}, {0x0, 0x0})
/Users/kirill.makhonin/go/pkg/mod/github.com/okta/okta-sdk-golang/v5@v5.0.6/okta/client.go:691 +0x1a8
github.com/okta/okta-sdk-golang/v5/okta.getAccessTokenForPrivateKey(0x140002b0cc0, {0x140004e61a0, 0x1d}, {0x14000380e00, 0x6cb}, {0x140002d4300, 0x32}, {0x0, 0x0, 0x0}, ...)
/Users/kirill.makhonin/go/pkg/mod/github.com/okta/okta-sdk-golang/v5@v5.0.6/okta/client.go:731 +0x758
github.com/okta/okta-sdk-golang/v5/okta.(*JWTAuth).Authorize(0x140001d6770, {0x102a06629, 0x3}, {0x140002d4340, 0x2b})
/Users/kirill.makhonin/go/pkg/mod/github.com/okta/okta-sdk-golang/v5@v5.0.6/okta/client.go:461 +0x5e4
github.com/okta/okta-sdk-golang/v5/okta.(*APIClient).prepareRequest(0x140003ca008, {0x102d98468, 0x140001d6690}, {0x140002aa5a0, 0x28}, {0x102a06629, 0x3}, {0x0, 0x0}, 0x1400041da20, ...)
/Users/kirill.makhonin/go/pkg/mod/github.com/okta/okta-sdk-golang/v5@v5.0.6/okta/client.go:1256 +0x1934
github.com/okta/okta-sdk-golang/v5/okta.(*GroupAPIService).ListGroupsExecute(0x140003ca010, {{0x102d98468, 0x140001d6690}, {0x102d9e5b0, 0x140003ca010}, 0x140002cca30, 0x0, 0x0, 0x140001e66a0, 0x0, ...})
/Users/kirill.makhonin/go/pkg/mod/github.com/okta/okta-sdk-golang/v5@v5.0.6/okta/api_group.go:2499 +0xca8
github.com/okta/okta-sdk-golang/v5/okta.ApiListGroupsRequest.Execute({{0x102d984a0, 0x1032195c0}, {0x102d9e5b0, 0x140003ca010}, 0x140002cca30, 0x0, 0x0, 0x140001e66a0, 0x0, 0x0, ...})
When we tried to dig into the details, it looks like the issue is that getAccessTokenForPrivateKey does not send client_id and fails with:
{
  "errorCode" : "invalid_client",
  "errorSummary" : "A client_id must be provided in the request.",
  "errorLink" : "invalid_client",
  "errorId" : "....",
  "errorCauses" : [ ]
}
Reproduction Steps?
Run code above
Additional Information?
No response
Golang Version
go version go1.24.5 darwin/arm64
SDK Version
5.0.6
OS version
No response
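Added example, not part of the original issue and not okta-sdk-golang code: in the trace above, createClientAssertion is entered with two zero-valued arguments and the panic follows inside the go-jose signer. The code below builds an RS256 client assertion with the Go standard library only and returns an error for an empty client ID or a nil key before any signing happens; the helper name `buildClientAssertion`, the client ID and the token URL are assumptions made for illustration.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// buildClientAssertion is a hypothetical helper (not an okta-sdk-golang API).
// It returns an RS256 private_key_jwt assertion, or an error instead of a
// panic when the client ID or the signing key is missing.
func buildClientAssertion(clientID, tokenURL string, key *rsa.PrivateKey, now time.Time) (string, error) {
	if clientID == "" {
		return "", errors.New("client assertion: client_id is empty")
	}
	if key == nil {
		return "", errors.New("client assertion: private key is nil (was it parsed?)")
	}
	jti := make([]byte, 16) // random token ID so an assertion cannot be replayed
	if _, err := rand.Read(jti); err != nil {
		return "", err
	}
	enc := base64.RawURLEncoding
	header, _ := json.Marshal(map[string]string{"alg": "RS256", "typ": "JWT"})
	claims, _ := json.Marshal(map[string]interface{}{
		"iss": clientID, "sub": clientID, "aud": tokenURL,
		"iat": now.Unix(), "exp": now.Add(5 * time.Minute).Unix(),
		"jti": enc.EncodeToString(jti),
	})
	signingInput := enc.EncodeToString(header) + "." + enc.EncodeToString(claims)
	digest := sha256.Sum256([]byte(signingInput))
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:])
	if err != nil {
		return "", err
	}
	return signingInput + "." + enc.EncodeToString(sig), nil
}

func main() {
	// Constructed inputs: placeholder client ID and token URL, no key loaded.
	_, err := buildClientAssertion("0oaEXAMPLE", "https://example.okta.com/oauth2/v1/token", nil, time.Now())
	fmt.Println("nil key:", err)
}
```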