diff --git a/changelog.d/20231020_143112_kyle_jwk_full_complement.md b/changelog.d/20231020_143112_kyle_jwk_full_complement.md
new file mode 100644
index 0000000..162b89d
--- /dev/null
+++ b/changelog.d/20231020_143112_kyle_jwk_full_complement.md
@@ -0,0 +1 @@
+- [Bugfix] Updated how the Tutor setting ``JWT_RSA_PRIVATE_KEY`` is rendered into the LMS Django setting ``JWT_AUTH['JWT_PRIVATE_SIGNING_JWK']`` as required by a recent breaking upstream change. The new representation of the ``JWT_PRIVATE_SIGNING_JWK`` simply adds the ``dq``, ``dp``, and ``qi`` parameters. Without this fix, LMS would encounter an ``InvalidKeyError`` on all logins (by @kdmccormick).
diff --git a/tutor/templates/apps/openedx/settings/partials/common_all.py b/tutor/templates/apps/openedx/settings/partials/common_all.py
index b1d5a9f..c9b747a 100644
--- a/tutor/templates/apps/openedx/settings/partials/common_all.py
+++ b/tutor/templates/apps/openedx/settings/partials/common_all.py
@@ -189,6 +189,9 @@ JWT_AUTH["JWT_PRIVATE_SIGNING_JWK"] = json.dumps(
         "n": "{{ jwt_rsa_key.n|long_to_base64 }}",
         "p": "{{ jwt_rsa_key.p|long_to_base64 }}",
         "q": "{{ jwt_rsa_key.q|long_to_base64 }}",
+        "dq": "{{ jwt_rsa_key.dq|long_to_base64 }}",
+        "dp": "{{ jwt_rsa_key.dp|long_to_base64 }}",
+        "qi": "{{ jwt_rsa_key.invq|long_to_base64 }}",
     }
 )
 JWT_AUTH["JWT_PUBLIC_SIGNING_JWK_SET"] = json.dumps(