To connect to the OIDC APIs, a client application must be registered and must authenticate itself using its client_id and client_secret.
See the section Client registration for details on how to register a client and obtain the client_id and client_secret values.
The endpoints affected by client authentication are:
token_endpoint: /api/oidc/token
pushed_authorization_request_endpoint: /api/oidc/par
The supported client authentication methods are published in the discovery document (token_endpoint_auth_methods_supported) on the well-known openid-configuration endpoint.
Currently supported authentication methods:
client_secret_basic: the client must send the client_id and client_secret in a Basic HTTP Authorization header when calling the pushed authorization request or token endpoints.
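
The following added example (not part of the product documentation) checks the discovery document for client_secret_basic and builds the Authorization header the way RFC 6749 section 2.3.1 specifies, with each credential form-urlencoded before Base64 encoding. The host idp.example.com, the sample discovery document, the function names and the authorization_code grant parameters are assumptions made for illustration.

```python
import base64
import json
from urllib.parse import quote_plus, urlencode
from urllib.request import Request

# Constructed sample discovery document; the issuer host is a placeholder.
SAMPLE_DISCOVERY = json.loads("""{
  "issuer": "https://idp.example.com",
  "token_endpoint": "https://idp.example.com/api/oidc/token",
  "pushed_authorization_request_endpoint": "https://idp.example.com/api/oidc/par",
  "token_endpoint_auth_methods_supported": ["client_secret_basic"]
}""")


def supports_client_secret_basic(discovery: dict) -> bool:
    # OpenID Connect Discovery: when the field is omitted the default is client_secret_basic.
    methods = discovery.get("token_endpoint_auth_methods_supported", ["client_secret_basic"])
    return "client_secret_basic" in methods


def basic_auth_header(client_id: str, client_secret: str) -> str:
    # RFC 6749 section 2.3.1: form-urlencode each value, join with ":", then Base64.
    # Without the encoding step, a secret containing ":", "%", "+" or a space
    # is decoded to a different value by a conforming server.
    pair = f"{quote_plus(client_id)}:{quote_plus(client_secret)}"
    return "Basic " + base64.b64encode(pair.encode("ascii")).decode("ascii")


def build_token_request(discovery: dict, client_id: str, client_secret: str,
                        code: str, redirect_uri: str) -> Request:
    # Builds the request without sending it, so the header can be inspected offline.
    if not supports_client_secret_basic(discovery):
        raise ValueError("server does not advertise client_secret_basic")
    endpoint = discovery["token_endpoint"]
    if not endpoint.startswith("https://"):
        # Basic credentials are only Base64-encoded, so they must travel over TLS.
        raise ValueError("refusing to send client_secret to a non-TLS endpoint")
    body = urlencode({"grant_type": "authorization_code",
                      "code": code, "redirect_uri": redirect_uri})
    return Request(endpoint, data=body.encode("ascii"), method="POST", headers={
        "Authorization": basic_auth_header(client_id, client_secret),
        "Content-Type": "application/x-www-form-urlencoded",
    })
```

The same header is sent to the pushed authorization request endpoint; only the URL and the form body differ.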