Version: Next

Client authentication methods

According to RFC 6749, if the client type is confidential, the client and authorization server establish a client authentication method suitable for the security requirements of the authorization server. The authorization server MAY accept any form of client authentication meeting its security requirements.

SimpleIdServer supports multiple authentication methods for clients.

| Method | Description |
| --- | --- |
| client_secret_basic | Clients that have received a client_secret value from the Authorization Server authenticate with the Authorization Server using the HTTP Basic Authentication scheme. |
| client_secret_post | Clients that have received a client_secret value from the Authorization Server authenticate with the Authorization Server by including the Client Credentials in the request body. |
| private_key_jwt | Clients that have registered a public key sign a JWT using that key. |
| client_secret_jwt | Clients that have received a client_secret value from the Authorization Server create a JWT using an HMAC SHA algorithm, such as HMAC SHA-256. The HMAC is calculated using the octets of the UTF-8 representation of the client_secret as the shared key. |
| none | The Client does not authenticate itself at the Token Endpoint, either because it uses only the Implicit Flow or because it is a Public Client with no Client Secret or other authentication mechanism. |
| self_signed_tls_client_auth | Indicates that client authentication to the authorization server will occur using mutual TLS with the client utilizing a self-signed certificate. |
| tls_client_auth | Indicates that client authentication to the authorization server will occur with mutual TLS utilizing the PKI method of associating a certificate to a client. |
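The following is an added example, not code from SimpleIdServer, showing what the three secret-based methods in the table look like on the wire and how an authorization server checks a client_secret_jwt assertion: the Basic header for client_secret_basic (with the form-urlencoding RFC 6749 requires before base64), the form body for client_secret_post, and an HS256 assertion keyed with the UTF-8 octets of the client_secret. The server-side verifier pins the algorithm, looks the secret up by `iss`, compares the HMAC in constant time, and checks `sub`, `aud`, `exp` and `jti` replay. The client id, secret, token endpoint URL, `CLIENT_REGISTRY` and `SEEN_JTI` are constructed placeholders; a private_key_jwt assertion has the same claims and request shape with an asymmetric signature instead of the HMAC.

```python
import base64
import hashlib
import hmac
import json
import time
import urllib.parse
import uuid

# Constructed sample values for the example; not SimpleIdServer configuration.
CLIENT_ID = "demo-client"
CLIENT_SECRET = "s3cr3t-value-with-enough-entropy"
TOKEN_ENDPOINT = "https://idp.example.test/token"
CLIENT_REGISTRY = {CLIENT_ID: CLIENT_SECRET}   # hypothetical server-side client store
SEEN_JTI = set()                               # hypothetical replay cache for jti values
JWT_BEARER = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"


def lookup_secret(client_id):
    """Server side: the registered secret for a client, or None if the client is unknown."""
    return CLIENT_REGISTRY.get(client_id)


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def client_secret_basic_header(client_id, client_secret):
    """client_secret_basic: RFC 6749 section 2.3.1 form-urlencodes client_id and
    client_secret, joins them with ':' and base64-encodes the result."""
    user = urllib.parse.quote(client_id, safe="")
    pw = urllib.parse.quote(client_secret, safe="")
    return "Basic " + base64.b64encode(f"{user}:{pw}".encode("ascii")).decode("ascii")


def decode_basic_header(header):
    """Server side: reverse the encoding above, returning (client_id, client_secret)."""
    scheme, _, value = header.partition(" ")
    if scheme != "Basic":
        raise ValueError("not a Basic credential")
    user, _, pw = base64.b64decode(value).decode("ascii").partition(":")
    return urllib.parse.unquote(user), urllib.parse.unquote(pw)


def client_secret_post_body(client_id, client_secret, grant_type="client_credentials"):
    """client_secret_post: the credentials are ordinary parameters in the form body."""
    return urllib.parse.urlencode(
        {"grant_type": grant_type, "client_id": client_id, "client_secret": client_secret})


def client_secret_jwt_assertion(client_id, client_secret, token_endpoint,
                                now=None, ttl=60, jti=None):
    """client_secret_jwt: HS256 JWT keyed with the UTF-8 octets of client_secret.
    iss and sub are the client_id, aud is the token endpoint, jti defeats replay."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"iss": client_id, "sub": client_id, "aud": token_endpoint,
              "jti": jti or str(uuid.uuid4()), "iat": now, "exp": now + ttl}
    enc = lambda obj: _b64url(json.dumps(obj, separators=(",", ":")).encode("utf-8"))
    signing_input = enc(header) + "." + enc(claims)
    sig = hmac.new(client_secret.encode("utf-8"), signing_input.encode("ascii"),
                   hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def client_secret_jwt_body(assertion, grant_type="client_credentials"):
    """Token request body carrying the assertion (private_key_jwt uses the same shape)."""
    return urllib.parse.urlencode({"grant_type": grant_type,
                                   "client_assertion_type": JWT_BEARER,
                                   "client_assertion": assertion})


def verify_client_secret_jwt(assertion, secret_lookup, token_endpoint,
                             now=None, seen_jti=None):
    """Server side. Returns (client_id, "ok") on success, otherwise (None, reason)."""
    now = int(time.time()) if now is None else now
    seen_jti = SEEN_JTI if seen_jti is None else seen_jti
    try:
        h64, c64, s64 = assertion.split(".")
        header = json.loads(_b64url_decode(h64))
        claims = json.loads(_b64url_decode(c64))
        sig = _b64url_decode(s64)
    except ValueError:          # covers bad base64, bad JSON and a wrong segment count
        return None, "malformed assertion"
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return None, "malformed assertion"
    if header.get("alg") != "HS256":   # pin the algorithm; never honour "none" or a key swap
        return None, "unexpected alg"
    secret = secret_lookup(claims.get("iss"))
    if secret is None:
        return None, "unknown client"
    expected = hmac.new(secret.encode("utf-8"), f"{h64}.{c64}".encode("ascii"),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sig):   # constant-time comparison
        return None, "bad signature"
    if claims.get("sub") != claims["iss"]:
        return None, "iss/sub mismatch"
    aud = claims.get("aud")
    if token_endpoint not in (aud if isinstance(aud, list) else [aud]):
        return None, "wrong audience"
    if not isinstance(claims.get("exp"), int) or now >= claims["exp"]:
        return None, "expired"
    jti = claims.get("jti")
    if not jti or jti in seen_jti:
        return None, "replayed jti"
    seen_jti.add(jti)
    return claims["iss"], "ok"
```

The order of checks matters on the server: the algorithm is fixed before any key is looked up, the signature is verified before any claim is trusted, and the `jti` is recorded only after every other check passes so that a rejected assertion cannot poison the replay cache.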