Client authentication

To connect to the OIDC APIs, a client application must be registered and must authenticate itself using its client_id and client_secret.

See the Client registration section for details on how to register a client and obtain the client_id and client_secret values.

Authenticated endpoints

The following endpoints require client authentication:

  • token_endpoint

    • /api/oidc/token

  • pushed_authorization_request_endpoint

    • /api/oidc/par

Authentication methods

The supported client authentication methods are published in the discovery document (token_endpoint_auth_methods_supported) on the well-known openid-configuration endpoint.

Currently supported authentication methods:

  • client_secret_basic

    • The client must send the client_id and client_secret in an HTTP Basic Authorization header when calling the pushed authorization request or token endpoints.
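
The following is an added example, not code from this documentation or its project: it checks the discovery document for client_secret_basic and builds the Authorization header as RFC 6749 section 2.3.1 specifies, form-urlencoding each credential before Base64 encoding. The host idp.example.com, the function names, and the credential and form values are assumptions made for illustration.

```python
import base64
import urllib.request
from urllib.parse import quote_plus, urlencode


def supports_client_secret_basic(discovery: dict) -> bool:
    """Check token_endpoint_auth_methods_supported in a parsed discovery document."""
    # OpenID Connect Discovery: if the field is omitted, the default is client_secret_basic.
    methods = discovery.get("token_endpoint_auth_methods_supported",
                            ["client_secret_basic"])
    return "client_secret_basic" in methods


def basic_auth_header(client_id: str, client_secret: str) -> str:
    """Build the header value for client_secret_basic."""
    # RFC 6749 section 2.3.1: form-urlencode each value, join with ":", then Base64.
    # Without the encoding step, a ":" inside either value makes the pair ambiguous.
    pair = f"{quote_plus(client_id)}:{quote_plus(client_secret)}"
    return "Basic " + base64.b64encode(pair.encode("ascii")).decode("ascii")


def build_request(base_url: str, path: str, client_id: str,
                  client_secret: str, form: dict) -> urllib.request.Request:
    """Prepare (but do not send) an authenticated POST to /api/oidc/token or /api/oidc/par."""
    if not base_url.startswith("https://"):
        # The secret is only Base64-encoded, not encrypted, so it must travel over TLS.
        raise ValueError("refusing to send client_secret over a non-TLS URL")
    return urllib.request.Request(
        base_url.rstrip("/") + path,
        data=urlencode(form).encode("ascii"),
        headers={
            "Authorization": basic_auth_header(client_id, client_secret),
            "Content-Type": "application/x-www-form-urlencoded",
        },
        method="POST",
    )


if __name__ == "__main__":
    # Constructed sample values; a real client reads these from its secret store.
    discovery = {"token_endpoint_auth_methods_supported": ["client_secret_basic"]}
    if supports_client_secret_basic(discovery):
        req = build_request("https://idp.example.com", "/api/oidc/token",
                            "my-client", "p@ss:w+rd/1",
                            {"grant_type": "authorization_code",
                             "code": "CONSTRUCTED_CODE"})
        # Print only non-secret request metadata; never log the Authorization header.
        print(req.get_method(), req.full_url)
```
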
