OpenID Connect Client Authentication

OAuth 2.0 and OpenID Connect clients can use the same authentication methods described in OAuth 2.0 Client Authentication.

However, when using OpenID Connect, you must specify in the client profile the type of authentication the client is using. To configure the authentication method, go to Realms > Realm Name > Applications > OAuth 2.0 > Advanced, and select one of the following options in the Token Endpoint Authentication Method drop-down list:

  • client_secret_post, if the client sends its credentials as form parameters.

  • client_secret_basic, if the client sends its credentials in a basic authorization header.

  • private_key_jwt, if the client sends its credentials as a JWT.

  • tls_client_auth, if the client uses a CA-signed certificate for mutual TLS authentication.

  • self_signed_tls_client_auth, if the client uses a self-signed certificate for mutual TLS authentication.

  • none, if the client is public.

    AM will not require a public client to authenticate even if the authentication method is set to a value different from none.
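
The request-level methods in the list above differ only in where the credentials travel, so a request can be classified and compared with the method configured in the client profile. The following is an added example, not AM code: the function names and sample values are hypothetical, and the two mutual TLS methods are left out because they authenticate at the TLS layer rather than in the request.

```python
import base64
from urllib.parse import quote_plus, unquote_plus

# Assertion type defined by RFC 7523 for JWT client authentication.
JWT_BEARER = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"

def build_request(method, client_id, client_secret=None, assertion=None):
    """Return (headers, form) for a client_credentials token request."""
    headers, form = {}, {"grant_type": "client_credentials"}
    if method == "client_secret_basic":
        # RFC 6749 section 2.3.1: form-urlencode each part, then base64 "id:secret".
        raw = f"{quote_plus(client_id)}:{quote_plus(client_secret)}"
        headers["Authorization"] = "Basic " + base64.b64encode(raw.encode()).decode()
    elif method == "client_secret_post":
        form.update(client_id=client_id, client_secret=client_secret)
    elif method == "private_key_jwt":
        # The signed JWT (produced elsewhere) travels in client_assertion.
        form.update(client_assertion_type=JWT_BEARER, client_assertion=assertion)
    elif method == "none":
        form["client_id"] = client_id  # public client: identifier only
    else:
        raise ValueError(f"unsupported method: {method}")
    return headers, form

def presented_method(headers, form):
    """Classify which authentication method a token request actually uses."""
    used = []
    if headers.get("Authorization", "").startswith("Basic "):
        used.append("client_secret_basic")
    if "client_secret" in form:
        used.append("client_secret_post")
    if form.get("client_assertion_type") == JWT_BEARER:
        used.append("private_key_jwt")
    if len(used) > 1:
        # RFC 6749 section 2.3: at most one method per request.
        raise ValueError("multiple client authentication methods in one request")
    return used[0] if used else "none"

def basic_credentials(headers):
    """Decode (client_id, client_secret) from a Basic authorization header."""
    raw = base64.b64decode(headers["Authorization"][len("Basic "):]).decode()
    cid, _, secret = raw.partition(":")
    return unquote_plus(cid), unquote_plus(secret)
```

A server-side check would compare the result of presented_method with the client's configured Token Endpoint Authentication Method and reject a mismatch.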
