--- title: Configuring the OAuth Client Set Authentication Selector description: The OAuth Client Set Authentication Selector selector allows you to override client authentication select on an individual client basis in one or more authentication policies. component: pingfederate version: 13.1 page_id: pingfederate:administrators_reference_guide:pf_config_oauth_client_set_auth_selector canonical_url: https://docs.pingidentity.com/pingfederate/13.1/administrators_reference_guide/pf_config_oauth_client_set_auth_selector.html llms_txt: https://docs.pingidentity.com/pingfederate/llms.txt docs_for_agents: https://developer.pingidentity.com/build-with-ai/docs-for-agents.md revdate: July 5, 2022 section_ids: about-this-task: About this task steps: Steps result: Result --- # Configuring the OAuth Client Set Authentication Selector The OAuth Client Set Authentication Selector selector allows you to override client authentication select on an individual client basis in one or more authentication policies. ## About this task The selector enables PingFederate to choose configured authentication sources or other selectors based on a match found between the client information in an OAuth request and the OAuth clients configured in the PingFederate OAuth authorization server (AS). | | | | - | ------------------------------------------------------------------------------------------------------------------------------------------------------------ | | | The OAuth Client Set Authentication Selector is only applicable to OAuth clients using the authorization code, device authorization grant, or implicit flow. | ## Steps 1. Go to **Authentication > Policies > Selectors** to open the **Selectors** window. 2. On the **Selectors** window, click **Create New Instance** to start the **Create Authentication Selector Instance** workflow. 3. On the **Type** tab, configure the basics of this authentication selector instance. 4. On the **Authentication Selector** tab, click **Add a new row to 'Clients'**. | | | | - | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | If you do not see **Add a new row to 'Clients'**, go back to the **Type** tab and ensure you have selected **OAuth Client Set Authentication Selector** from the **Type** list. | 5. From the **Client ID** list, select an OAuth client and click **Update**. 6. (Optional) Repeat the previous step to add more clients. Display order does not matter. Click **Edit**, **Update**, or **Cancel** to make or undo a change to an existing entry. Click **Delete** or **Undelete** to remove an existing entry or cancel the removal request. 7. Complete the configuration. 1. On the **Summary** tab, click **Done**. 2. On the **Selectors** window, click **Save**. ## Result When you place this selector instance as a checkpoint in an authentication policy, it forms two policy paths: **Yes** and **No**. If the invoking client matches one of the clients from the set, the selector returns true. The policy engine regains control of the request and proceeds with the policy path configured for the result value of **Yes**. If the invoking client matches none of the clients from the set, the selector returns false. The policy engine regains control of the request and proceeds with the policy path configured for the result value of **No**.