PRIVATE_KEY_JWT Setup
Authentication requirements for the token endpoint are set by the application’s tokenEndpointAuthMethod property. When the application’s tokenEndpointAuthMethod is set to PRIVATE_KEY_JWT, the token endpoint uses a JWT signed by an external private key file. For information about creating the JWT (signed by the private key file) and the claims in the JWT, refer to Create a private key JWT. Token requests that use this auth method require the client_assertion and client_assertion_type OAuth properties to specify the JWT.
Key points
-
JWT signed with RS256/RS384/RS512 or ES256/ES384/ES512
-
Public key registered with PingOne (JWKS or certificate)
-
No shared secret - highest security
-
Ideal for enterprise applications with PKI infrastructure
|
Note: You’ll need to upload a public key or JWKS URL to use this method. |