Token endpoint authentication methods
The token endpoint authentication method determines how PingOne authenticates applications at various endpoints, such as the token, token introspection, token revocation, and pushed authorization request endpoints. Learn more about token endpoint authentication methods in Client Authentication in the OpenID Connect (OIDC) specification.
PingOne supports the following token endpoint authentication methods:
- CLIENT_SECRET_POST
  Include the client credentials in the HTTP request body.
- CLIENT_SECRET_BASIC
  Include the client credentials using the HTTP Basic authentication scheme.
- CLIENT_SECRET_JWT
  Create a digitally signed JSON Web Token (JWT) using HS256, HS384, or HS512.
  You can use expressions to retrieve information from the authentication JWT for token fulfillment. Learn more about using the expression builder in PingOne Expression Language and Variables.
- PRIVATE_KEY_JWT
  Create a digitally signed JWT using RS256, RS384, or RS512 with a private key owned by the application or resource server.
  You can use expressions to retrieve information from the authentication JWT for token fulfillment. Learn more about using the expression builder in PingOne Expression Language and Variables.
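
The following added example (not PingOne's own code) shows what a client sends under each of the three secret-based methods, including how the CLIENT_SECRET_JWT assertion is built and signed. The token URL, client ID, and secret are constructed placeholders, and the claim set and `client_assertion` parameters follow the Client Authentication section of OIDC Core as an assumption about what the server expects. PRIVATE_KEY_JWT uses the same claims and request parameters with an RSA signature in place of the HMAC.

```python
import base64, hashlib, hmac, json, time, uuid
from urllib.parse import quote_plus, urlencode

# Constructed placeholder values (assumptions, not real PingOne identifiers).
TOKEN_URL = "https://auth.example.com/as/token"
CLIENT_ID = "example-client-id"
CLIENT_SECRET = "example-client-secret"
HASHES = {"HS256": hashlib.sha256, "HS384": hashlib.sha384, "HS512": hashlib.sha512}
JWT_BEARER = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"

def b64url(data: bytes) -> str:
    """Base64url without padding, as used for JWT segments."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def client_secret_jwt(alg="HS256", lifetime=60, now=None):
    """Build the HMAC-signed assertion for CLIENT_SECRET_JWT."""
    now = int(time.time()) if now is None else now
    claims = {"iss": CLIENT_ID, "sub": CLIENT_ID, "aud": TOKEN_URL,
              "jti": str(uuid.uuid4()),           # unique per request
              "iat": now, "exp": now + lifetime}  # keep the lifetime short
    header = {"alg": alg, "typ": "JWT"}
    signing_input = (b64url(json.dumps(header).encode()) + "."
                     + b64url(json.dumps(claims).encode()))
    sig = hmac.new(CLIENT_SECRET.encode(), signing_input.encode(), HASHES[alg]).digest()
    return signing_input + "." + b64url(sig)

def token_request(method):
    """Return (headers, form body) for a client_credentials token request."""
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    form = {"grant_type": "client_credentials"}
    if method == "CLIENT_SECRET_POST":
        # Credentials travel in the request body.
        form.update(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)
    elif method == "CLIENT_SECRET_BASIC":
        # RFC 6749 section 2.3.1: form-urlencode id and secret, then Base64 "id:secret".
        pair = quote_plus(CLIENT_ID) + ":" + quote_plus(CLIENT_SECRET)
        headers["Authorization"] = "Basic " + base64.b64encode(pair.encode()).decode()
    elif method == "CLIENT_SECRET_JWT":
        # The secret itself is never sent, only a signature made with it.
        form.update(client_assertion_type=JWT_BEARER, client_assertion=client_secret_jwt())
    else:
        raise ValueError("unsupported method: " + method)
    return headers, urlencode(form)

if __name__ == "__main__":
    for m in ("CLIENT_SECRET_POST", "CLIENT_SECRET_BASIC", "CLIENT_SECRET_JWT"):
        print(m, *token_request(m), sep="\n  ")
```

Only CLIENT_SECRET_POST and CLIENT_SECRET_BASIC put the secret itself on the wire, so those requests need the same log and proxy redaction as any other credential.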