---
title: ClientSecretPostAuthenticationFilter
description: Supports client authentication with the method client_secret_post. Clients that have received a client_secret value from the Authorization Server authenticate by including the client credentials in the request body, as in the following example:
component: pinggateway
version: 2026
page_id: pinggateway:reference:ClientSecretPostAuthenticationFilter
canonical_url: https://docs.pingidentity.com/pinggateway/2026/reference/ClientSecretPostAuthenticationFilter.html
revdate: 2024-07-10T14:05:34Z
section_ids:
  ClientSecretPostAuthenticationFilter-usage: Usage
  ClientSecretPostAuthenticationFilter-conf: Configuration
---

# ClientSecretPostAuthenticationFilter

Supports client authentication with the method `client_secret_post`. Clients that have received a `client_secret` value from the Authorization Server authenticate by including the client credentials in the request body, as in the following example:

```http
POST /oauth2/token HTTP/1.1
Host: as.example.com
Content-Type: application/x-www-form-urlencoded

grant_type=authorization_code&
client_id=...&
client_secret=...&
code=...
```

Use this filter with an endpoint `Handler` that requires `client_secret_post` authentication, such as the `endpointHandler` in the [OAuth2TokenExchangeFilter](OAuth2TokenExchangeFilter.html) or [ClientCredentialsOAuth2ClientFilter](ClientCredentialsOAuth2ClientFilter.html).

## Usage

```json
{
  "name": string,
  "type": "ClientSecretPostAuthenticationFilter",
  "config": {
    "clientId": configuration expression<string>,
    "clientSecretId": configuration expression<secret-id>,
    "secretsProvider": SecretsProvider reference
  }
}
```

## Configuration

* `"clientId"`: *configuration expression<[string](preface.html#definition-string)>, required*

  The OAuth 2.0 client ID to use for authentication.

* `"clientSecretId"`: *configuration expression<[secret-id](preface.html#definition-secretid)>, required*

  The secret ID of the OAuth 2.0 client secret to use for authentication.

  This secret ID must point to a [GenericSecret](../security-guide/keys.html#secret-types).

* `"secretsProvider"`: *SecretsProvider [reference](preface.html#definition-reference), required*

  The [SecretsProvider](SecretsProvider.html) to query for passwords and cryptographic keys.
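
The following fragment is an added illustration, not taken from the product documentation. It places this filter in the `endpointHandler` chain of a ClientCredentialsOAuth2ClientFilter so that the token request carries the client credentials in its body. The token endpoint, scope, client ID, secret ID, and the heap object name `SystemAndEnvSecretStore-1` are assumed values; the secrets store must be declared in the heap and must resolve the secret ID to a GenericSecret.

```json
{
  "name": "ClientCredentialsOAuth2ClientFilter-1",
  "type": "ClientCredentialsOAuth2ClientFilter",
  "config": {
    "tokenEndpoint": "https://as.example.com/oauth2/token",
    "scopes": ["example-scope"],
    "endpointHandler": {
      "type": "Chain",
      "config": {
        "handler": "ClientHandler",
        "filters": [
          {
            "name": "ClientSecretPostAuthenticationFilter-1",
            "type": "ClientSecretPostAuthenticationFilter",
            "config": {
              "clientId": "example-client",
              "clientSecretId": "example.client.secret.id",
              "secretsProvider": "SystemAndEnvSecretStore-1"
            }
          }
        ]
      }
    }
  }
}
```

Because `client_secret_post` sends the secret in the request body, point `tokenEndpoint` at an HTTPS URL and keep the secret value in the secrets store rather than in the route file.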
