Overview#

Client Authentication Methods are the OPTIONAL requested Authentication Methods for the token_endpoint for OAuth 2.0, OpenID Connect

Valid values are:

• none: this is a OAuth Public Client as defined in OAuth 2.0 and does not have a Client Secret
• client_secret_basic: the OAuth Client uses HTTP Basic defined in OAuth 2.0 section 2.3.1
• client_secret_post: the OAuth Client uses the HTTP POST parameters defined in OAuth 2.0 Dynamic Client Registration Management Protocol section 2.3.1
• client_secret_jwt: the OAuth Client uses the JWT Assertion profile with a symmetric secret issued by the server
• private_key_jwt: the OAuth Client uses the JWT Assertion profile with its own private key

During Client Registration, the Relying Party (OAuth Client) MAY register a Client Authentication method. If no method is registered, the default method is client_secret_basic.

Other Authentication Methods may be defined by extension. If unspecified or omitted, the default is client_secret_basic, denoting HTTP Basic Authentication Scheme as specified in RFC 6749 Section 2.3.1 of OAuth 2.0.

OpenID Connect#

More Information#

There might be more information for this subject on one of the following:

• Client_secret_basic
• Client_secret_post
• Private_key_jwt