PingOne

Token endpoint authentication methods

The token endpoint authentication method determines how PingOne authenticates applications at various endpoints, such as the token, token introspection, token revocation, and pushed authorization request endpoints.

Learn more about token endpoint authentication methods in Client Authentication in the OIDC specification. PingOne supports the following token endpoint authentication methods:

CLIENT_SECRET_POST

Include the client credentials in the HTTP request body.

CLIENT_SECRET_BASIC

Include the client credentials using the HTTP Basic authentication scheme.

CLIENT_SECRET_JWT

Create a digitally signed JSON Web Token (JWT) using HS256, HS384, or HS512.

PRIVATE_KEY_JWT

Create a digitally signed JWT using RS256, RS384, or RS512 with a private key owned by the application or resource server.