--- title: Client authentication schemes description: Most OAuth and OpenID Connect use cases require the client application to authenticate successfully before its requests can be processed further. component: pingfederate version: 13.1 page_id: pingfederate:introduction_to_pingfederate:pf_client_auth_scheme canonical_url: https://docs.pingidentity.com/pingfederate/13.1/introduction_to_pingfederate/pf_client_auth_scheme.html llms_txt: https://docs.pingidentity.com/pingfederate/llms.txt docs_for_agents: https://developer.pingidentity.com/build-with-ai/docs-for-agents.md revdate: March 16, 2023 section_ids: related-links: Related links --- # Client authentication schemes Most OAuth and OpenID Connect use cases require the client application to authenticate successfully before its requests can be processed further. As an OAuth authorization server (OAuth AS) *(tooltip: \
\

The authorizing service in an OAuth framework that issues and manages access tokens for clients to access protected resources.\

\
)*, PingFederate supports the following client authentication schemes: * Client secret for HTTP Basic authentication * Client TLS certificate for mutual TLS authentication * Private key JWT for the private\_key\_jwt client authentication method, as defined in the OpenID Connect specification * Client secret JWT for the client\_secret\_jwt client authentication method, as defined in the OpenID Connect specification * None when authentication is not required | | | | - | ----------------------------------------------------------------------------------------------------------------- | | | An OAuth client can be configured with one or more of these schemes, except that **None** must be used by itself. | When deployed as an OpenID Connect Relying Party (RP), PingFederate authenticates through client secret and private key JSON web tokens (JWT). It also handles the scenario where authentication is not required. ## Related links * [Managing OAuth clients](../administrators_reference_guide/help_oauthclientsmanagementtasklet_oauthclientsmanagementstate.html) * [OpenID Connect Relying Party support](../administrators_reference_guide/pf_oidc_relying_party_support.html)