Form parameters (HTTP POST)
The OAuth 2.0 client authenticates by sending client_id and client_secret form parameters in an HTTP POST request:
$ curl \
--request POST \
--data "client_id=myClient" \
--data "client_secret=forgerock" \
...To use this authentication method for a confidential OAuth 2.0 client, edit the client profile in the Advanced Identity Cloud admin UI:
-
Go to Applications > Name > Sign On > General Settings > Advanced > Authentication.
-
Set the Token Endpoint Authentication Method to
client_secret_postand save your work.
Make sure all connections to PingOne Advanced Identity Cloud use HTTPS to protect the secret.