--- title: CLIENT_SECRET_JWT Setup description: Authentication requirements for the token endpoint are set by the application's tokenEndpointAuthMethod property. When the application's tokenEndpointAuthMethod is set to CLIENT_SECRET_JWT, the token endpoint uses a JWT signed by the application's client secret to authenticate the request. For information about creating the JWT and the claims in the JWT, refer to Create a client secret JWT. Token requests that use this authentication method require the client_assertion and client_assertion_type OAuth properties to specify the JWT. component: pingone-api page_id: pingone-api:workflow-library:platform-sso-and-authorization/openid-connect-oidc/client-authentication-methods/environment-configuration/client-secret-jwt canonical_url: https://developer.pingidentity.com/pingone-api/workflow-library/platform-sso-and-authorization/openid-connect-oidc/client-authentication-methods/environment-configuration/client-secret-jwt.html --- # CLIENT\_SECRET\_JWT Setup Authentication requirements for the token endpoint are set by the application's `tokenEndpointAuthMethod` property. When the application's `tokenEndpointAuthMethod` is set to `CLIENT_SECRET_JWT`, the token endpoint uses a JWT signed by the application's client secret to authenticate the request. For information about creating the JWT and the claims in the JWT, refer to [Create a client secret JWT](../../../../../auth/auth-config-options/create-a-client-secret-jwt.html). Token requests that use this authentication method require the `client_assertion` and `client_assertion_type` OAuth properties to specify the JWT. **Key points** * JWT signed with `HMAC-SHA256` using client secret * Includes claims: `iss`, `sub` (both identify the `client_id`), `aud` (token endpoint), `exp` * Provides non-repudiation and tamper detection * Better for audit trails and compliance requirements The following workflow shows the application configuration to complete a sign-on flow using the `CLIENT_SECRET_JWT` client authentication method. [Run in Postman](https://god.gw.postman.com/run-collection/3468883-d63f8c64-00d1-4103-958d-a038aadf543c?action=collection%2Ffork\&source=rip_markdown\&collection-url=entityId%3D3468883-d63f8c64-00d1-4103-958d-a038aadf543c%26entityType%3Dcollection%26workspaceId%3D3550b170-7818-4801-b1eb-dcb7b3f64263#?env%5BPingOne%20Workflow%20Library%20Template%20%28release%3A%202025-04-17%29%5D=W3sia2V5IjoidGxkIiwidmFsdWUiOiJjb20iLCJlbmFibGVkIjp0cnVlLCJ0eXBlIjoiZGVmYXVsdCJ9LHsia2V5IjoiYXV0aFBhdGgiLCJ2YWx1ZSI6Imh0dHBzOi8vYXV0aC5waW5nb25lLnt7dGxkfX0iLCJlbmFibGVkIjp0cnVlLCJ0eXBlIjoiZGVmYXVsdCJ9LHsia2V5IjoiYXBpUGF0aCIsInZhbHVlIjoiaHR0cHM6Ly9hcGkucGluZ29uZS57e3RsZH19L3YxIiwiZW5hYmxlZCI6dHJ1ZSwidHlwZSI6ImRlZmF1bHQifSx7ImtleSI6ImFkbWluRW52SUQiLCJ2YWx1ZSI6IiIsImVuYWJsZWQiOnRydWUsInR5cGUiOiJkZWZhdWx0In0seyJrZXkiOiJhZG1pbkFwcElEIiwidmFsdWUiOiIiLCJlbmFibGVkIjp0cnVlLCJ0eXBlIjoiZGVmYXVsdCJ9LHsia2V5IjoiYWRtaW5BcHBTZWNyZXQiLCJ2YWx1ZSI6IiIsImVuYWJsZWQiOnRydWUsInR5cGUiOiJkZWZhdWx0In0seyJrZXkiOiJlbnZJRCIsInZhbHVlIjoiIiwiZW5hYmxlZCI6dHJ1ZSwidHlwZSI6ImRlZmF1bHQifV0=)