Overview
Client Authentication Methods are the OPTIONAL requested Authentication Methods for the token_endpoint for OAuth 2.0 and OpenID Connect. Valid values are:
- none: this is an OAuth Public Client as defined in OAuth 2.0 and does not have a Client Secret
- client_secret_basic: the OAuth Client uses HTTP Basic defined in OAuth 2.0 section 2.3.1
- client_secret_post: the OAuth Client uses the HTTP POST parameters defined in OAuth 2.0 Dynamic Client Registration Management Protocol section 2.3.1
- client_secret_jwt: the OAuth Client uses the JWT Assertion profile with a symmetric secret issued by the server
- private_key_jwt: the OAuth Client uses the JWT Assertion profile with its own private key
During Client Registration, the Relying Party (OAuth Client) MAY register a Client Authentication method. If no method is registered, the default method is client_secret_basic.
Other Authentication Methods may be defined by extension. If unspecified or omitted, the default is client_secret_basic, denoting the HTTP Basic Authentication Scheme as specified in Section 2.3.1 of OAuth 2.0 (RFC 6749).
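
The following added example (not from the original page or from any specification's reference code) shows how each method listed above changes the token request, including the fallback to client_secret_basic when no method was registered. The function names, client values and endpoint URL are assumptions; private_key_jwt is left out because it needs an asymmetric signing library, but it sends the same assertion parameters as client_secret_jwt, signed with the client's private key instead of the shared secret.

```python
import base64, hashlib, hmac, json, secrets, time
from urllib.parse import quote_plus

ASSERTION_TYPE = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"

def b64url(raw: bytes) -> str:
    """Base64url without padding, as used for JWT segments."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def hs256_assertion(client_id, client_secret, token_endpoint, now):
    """client_secret_jwt: a short-lived JWT MACed with the shared client secret."""
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"iss": client_id, "sub": client_id, "aud": token_endpoint,
              "jti": secrets.token_urlsafe(16),  # unique per request, lets the server reject replays
              "iat": now, "exp": now + 60}
    signing_input = ".".join(
        b64url(json.dumps(part, separators=(",", ":")).encode()) for part in (header, claims))
    mac = hmac.new(client_secret.encode(), signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{b64url(mac)}"

def apply_client_auth(method, client_id, client_secret, token_endpoint, form, now=None):
    """Return (headers, form) for a token request under the registered method."""
    method = method or "client_secret_basic"  # nothing registered: the default applies
    headers, form = {}, dict(form)
    if method == "none":  # public client: identifies itself, proves nothing
        form["client_id"] = client_id
    elif method == "client_secret_basic":
        # RFC 6749 section 2.3.1: form-urlencode each value before the Basic encoding
        pair = f"{quote_plus(client_id)}:{quote_plus(client_secret)}"
        headers["Authorization"] = "Basic " + base64.b64encode(pair.encode()).decode()
    elif method == "client_secret_post":  # secret travels in the request body
        form.update(client_id=client_id, client_secret=client_secret)
    elif method == "client_secret_jwt":  # secret never leaves the client
        now = int(time.time()) if now is None else now
        form["client_assertion_type"] = ASSERTION_TYPE
        form["client_assertion"] = hs256_assertion(client_id, client_secret, token_endpoint, now)
    else:
        raise ValueError(f"unsupported token_endpoint_auth_method: {method}")
    return headers, form

if __name__ == "__main__":
    # Constructed sample values; the endpoint URL is a placeholder.
    for m in (None, "none", "client_secret_post", "client_secret_jwt"):
        print(m, apply_client_auth(m, "demo-client", "s3cr3t/+ value",
                                   "https://as.example/token", {"grant_type": "client_credentials"}))
```

With client_secret_basic and client_secret_post the secret itself crosses the wire on every token request, while client_secret_jwt sends only a MAC over a short-lived assertion.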