In OpenID Connect & OAuth 2.0 API | Okta Developer, it indicates that the Request JWT must be signed using the app’s client secret. Does that mean Okta only supports the client_secret_jwt mechanism for client authentication (Final: OpenID Connect Core 1.0 incorporating errata set 1), and not the private_key_jwt mechanism? If private_key_jwt is not currently supported, what is the process to request that function be added to Okta?
Signing the request vs. client authentication for the token endpoint is a little different.
If you are asking about an OpenID Connect signed request:
"request_object_signing_alg_values_supported": [
  "HS256",
  "HS384",
  "HS512"
]
signed with the client secret:
If you are asking about which token endpoint auth methods we support, they are:
"token_endpoint_auth_methods_supported": [
  "client_secret_basic",
  "client_secret_post",
  "client_secret_jwt",
  "none"
]
Okta already has a case logged internally to add private_key_jwt. If you want to track it or add your business case to it, you can send us an email at developers@okta.com.
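The client_secret_jwt method listed above, shown as an added example that is not part of the original thread and is not Okta's code: a client builds the HS256 assertion defined in OpenID Connect Core section 9, and a verifier holding the same secret checks it. The client ID, secret, endpoint URL and function names are constructed for illustration, and the verifier is assumed to have already looked up the secret for the claimed client.

```python
import base64, hashlib, hmac, json, secrets, time

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def make_client_assertion(client_id, client_secret, token_endpoint, now=None, lifetime=60):
    """Build the JWT sent as client_assertion, with client_assertion_type
    urn:ietf:params:oauth:client-assertion-type:jwt-bearer."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"iss": client_id, "sub": client_id, "aud": token_endpoint,
              "jti": secrets.token_urlsafe(16), "iat": now, "exp": now + lifetime}
    signing_input = (b64url(json.dumps(header).encode()) + "." +
                     b64url(json.dumps(claims).encode()))
    # The shared client secret is the HMAC key, so the server must hold it too.
    mac = hmac.new(client_secret.encode(), signing_input.encode(), hashlib.sha256)
    return signing_input + "." + b64url(mac.digest())

def verify_client_assertion(jwt, client_secret, token_endpoint, seen_jti, now=None):
    """Server-side check: pinned alg, MAC, audience, expiry, one-time jti."""
    now = int(time.time()) if now is None else now
    try:
        h, c, s = jwt.split(".")
        header = json.loads(b64url_decode(h))
        claims = json.loads(b64url_decode(c))
        sig = b64url_decode(s)
    except ValueError:  # wrong part count, bad base64, bad JSON
        return False
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return False
    if header.get("alg") != "HS256":  # pin the algorithm; never trust "none"
        return False
    expected = hmac.new(client_secret.encode(), f"{h}.{c}".encode(), hashlib.sha256)
    if not hmac.compare_digest(expected.digest(), sig):
        return False
    if claims.get("iss") != claims.get("sub") or claims.get("aud") != token_endpoint:
        return False
    exp, jti = claims.get("exp"), claims.get("jti")
    if not isinstance(exp, int) or exp <= now:
        return False
    if not isinstance(jti, str) or jti in seen_jti:  # reject replayed assertions
        return False
    seen_jti.add(jti)
    return True
```

With private_key_jwt the same claims are signed with the client's private key instead, so the authorization server stores only a public key and cannot mint assertions itself.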