Token endpoint authentication methods

The token endpoint authentication method determines how PingOne authenticates applications at various endpoints, such as the token, token introspection, token revocation, and pushed authorization request endpoints.

Learn more about token endpoint authentication methods in Client Authentication in the OIDC specification. PingOne supports the following token endpoint authentication methods:

CLIENT_SECRET_POST: Include the client credentials in the HTTP request body.
CLIENT_SECRET_BASIC: Include the client credentials using the HTTP Basic authentication scheme.
CLIENT_SECRET_JWT: Create a digitally signed JSON Web Token (JWT) using HS256, HS384, or HS512.
PRIVATE_KEY_JWT: Create a digitally signed JWT using RS256, RS384, or RS512 with a private key owned by the application or resource server.

Grant types

PingOne

Token endpoint authentication methods

Related links