Client authentication
Last updated
Was this helpful?
Last updated
Was this helpful?
To connect to the OIDC APIs, a client application needs to be and has to authenticate itself using its client_id and client_secret.
See section , for details on how to register a client and obtain the client_id and client_secret values.
Endpoints affected by the client authentication are
token_endpoint
/api/oidc/token
pushed_authorization_request_endpoint
/api/oidc/par
The supported client authentication methods are published in the discovery document (token_endpoint_auth_methods_supported
) on the well-known openid-configuration endpoint.
Currently supported authentication methods:
client_secret_basic
the client needs to add the client_id and client_secret as header, when calling the pushed authorization request or token endpoints.