---
title: Client authentication schemes
description: Most OAuth and OpenID Connect use cases require the client application to authenticate successfully before its requests can be processed further.
component: pingfederate
version: 13.0
page_id: pingfederate:introduction_to_pingfederate:pf_client_auth_scheme
canonical_url: https://docs.pingidentity.com/pingfederate/13.0/introduction_to_pingfederate/pf_client_auth_scheme.html
revdate: March 16, 2023
section_ids:
  related-links: Related links
---

# Client authentication schemes

Most OAuth and OpenID Connect use cases require the client application to authenticate successfully before its requests can be processed further.

As an OAuth authorization server (AS), PingFederate supports the following client authentication schemes:

* Client secret for HTTP Basic authentication

* Client TLS certificate for mutual TLS authentication

* Private key JWT for the private\_key\_jwt client authentication method, as defined in the OpenID Connect specification

* Client secret JWT for the client\_secret\_jwt client authentication method, as defined in the OpenID Connect specification

* None when authentication is not required

When deployed as an OpenID Connect Relying Party (RP), PingFederate authenticates through client secret and private key JSON web tokens (JWT). It also handles the scenario where authentication is not required.

## Related links

* [Managing OAuth clients](../administrators_reference_guide/help_oauthclientsmanagementtasklet_oauthclientsmanagementstate.html)

* [OpenID Connect Relying Party support](../administrators_reference_guide/pf_oidc_relying_party_support.html)