---
title: PRIVATE_KEY_JWT Setup
description: Authentication requirements for the token endpoint are set by the application's tokenEndpointAuthMethod property. When the application's tokenEndpointAuthMethod is set to PRIVATE_KEY_JWT, the token endpoint uses a JWT signed by an external private key file. For information about creating the JWT (signed by the private key file) and the claims in the JWT, refer to Create a private key JWT. Token requests that use this auth method require the client_assertion and client_assertion_type OAuth properties to specify the JWT.
component: pingone-api
page_id: pingone-api:workflow-library:platform-sso-and-authorization/openid-connect-oidc/client-authentication-methods/environment-configuration/private-key-jwt
canonical_url: https://developer.pingidentity.com/pingone-api/workflow-library/platform-sso-and-authorization/openid-connect-oidc/client-authentication-methods/environment-configuration/private-key-jwt.html
---

# PRIVATE\_KEY\_JWT Setup

Authentication requirements for the token endpoint are set by the application's `tokenEndpointAuthMethod` property. When the application's `tokenEndpointAuthMethod` is set to `PRIVATE_KEY_JWT`, the token endpoint uses a JWT signed by an external private key file. For information about creating the JWT (signed by the private key file) and the claims in the JWT, refer to [Create a private key JWT](../../../../../auth/auth-config-options/create-a-private-key-jwt.html). Token requests that use this auth method require the `client_assertion` and `client_assertion_type` OAuth properties to specify the JWT.

**Key points**

* JWT signed with RS256/RS384/RS512 or ES256/ES384/ES512

* Public key registered with PingOne (JWKS or certificate)

* No shared secret - highest security

* Ideal for enterprise applications with PKI infrastructure

|   |                                                                          |
| - | ------------------------------------------------------------------------ |
|   | Note: You'll need to upload a public key or JWKS URL to use this method. |

[Run in Postman](https://god.gw.postman.com/run-collection/3468883-e6a9d0c4-7984-489e-b925-e97dee09f7d0?action=collection%2Ffork\&source=rip_markdown\&collection-url=entityId%3D3468883-e6a9d0c4-7984-489e-b925-e97dee09f7d0%26entityType%3Dcollection%26workspaceId%3D3550b170-7818-4801-b1eb-dcb7b3f64263#?env%5BPingOne%20Workflow%20Library%20Template%20%28release%3A%202025-04-17%29%5D=W3sia2V5IjoidGxkIiwidmFsdWUiOiJjb20iLCJlbmFibGVkIjp0cnVlLCJ0eXBlIjoiZGVmYXVsdCJ9LHsia2V5IjoiYXV0aFBhdGgiLCJ2YWx1ZSI6Imh0dHBzOi8vYXV0aC5waW5nb25lLnt7dGxkfX0iLCJlbmFibGVkIjp0cnVlLCJ0eXBlIjoiZGVmYXVsdCJ9LHsia2V5IjoiYXBpUGF0aCIsInZhbHVlIjoiaHR0cHM6Ly9hcGkucGluZ29uZS57e3RsZH19L3YxIiwiZW5hYmxlZCI6dHJ1ZSwidHlwZSI6ImRlZmF1bHQifSx7ImtleSI6ImFkbWluRW52SUQiLCJ2YWx1ZSI6IiIsImVuYWJsZWQiOnRydWUsInR5cGUiOiJkZWZhdWx0In0seyJrZXkiOiJhZG1pbkFwcElEIiwidmFsdWUiOiIiLCJlbmFibGVkIjp0cnVlLCJ0eXBlIjoiZGVmYXVsdCJ9LHsia2V5IjoiYWRtaW5BcHBTZWNyZXQiLCJ2YWx1ZSI6IiIsImVuYWJsZWQiOnRydWUsInR5cGUiOiJkZWZhdWx0In0seyJrZXkiOiJlbnZJRCIsInZhbHVlIjoiIiwiZW5hYmxlZCI6dHJ1ZSwidHlwZSI6ImRlZmF1bHQifV0=)