In https://developer.okta.com/docs/api/resources/oidc#parameter-details, it indicates that the Request JWT must be signed using the app’s client secret. Does that mean Okta only supports the client_secret_jwt mechanism for client authentication (http://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication), and not the private_key_jwt mechanism? If private_key_jwt is not currently supported, what is the process to request that function be added to Okta?
Signing the request vs. client authentication for the token endpoint is a little different.
If you are asking about an OpenID Connect signed request
"request_object_signing_alg_values_supported": Array[ "HS256", "HS384", "HS512" ]
signed with the client secret:
If you are asking about which token endpoint auth methods we support, they are:
"token_endpoint_auth_methods_supported": Array[ "client_secret_basic", "client_secret_post", "client_secret_jwt", "none" ],
Okta already has a case logged internally to add private_key_jwt. If you want to track it or add your business case to it, you can send us an email at email@example.com
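To make the distinction in the answer concrete, here is an added example (not code from the thread or from Okta) that builds both artifacts as HS256 JWTs keyed with the client secret, following OpenID Connect Core sections 6.1 and 9: a signed request object and a client_secret_jwt client assertion. The client ID, secret, issuer and endpoint URLs are constructed placeholders, and the verifier is a minimal sketch of the checks a receiving server makes.

```python
import base64, hashlib, hmac, json, time, uuid

# Constructed sample values (assumptions, not taken from the thread or a real tenant).
CLIENT_ID, CLIENT_SECRET = "example-client-id", "constructed-client-secret"
ISSUER = "https://idp.example.com"
TOKEN_ENDPOINT = ISSUER + "/token"

def b64e(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_hs256(claims: dict, secret: str) -> str:
    """Serialize claims as a compact JWS whose MAC key is the client secret."""
    head = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64e(json.dumps(claims).encode())
    mac = hmac.new(secret.encode(), f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64e(mac)}"

def verify_hs256(token: str, secret: str, expected_aud: str, now=None):
    """Return the claims if alg, MAC, aud and exp all check out, else None."""
    now = time.time() if now is None else now
    try:
        head, body, sig = token.split(".")
        if json.loads(b64d(head)).get("alg") != "HS256":  # pin alg, never trust the header
            return None
        good = hmac.new(secret.encode(), f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(good, b64d(sig)):  # constant-time comparison
            return None
        claims = json.loads(b64d(body))
        if claims.get("aud") != expected_aud or claims.get("exp", 0) <= now:
            return None
        return claims
    except (ValueError, AttributeError, TypeError):
        return None

def request_object(redirect_uri: str, now=None) -> str:
    """Signed authorization request: aud is the issuer, claims are request parameters."""
    now = int(time.time() if now is None else now)
    return sign_hs256({"iss": CLIENT_ID, "aud": ISSUER, "exp": now + 300,
                       "client_id": CLIENT_ID, "response_type": "code", "scope": "openid",
                       "redirect_uri": redirect_uri, "state": uuid.uuid4().hex}, CLIENT_SECRET)

def client_assertion(now=None) -> str:
    """client_secret_jwt: aud is the token endpoint, iss and sub are both the client_id."""
    now = int(time.time() if now is None else now)
    return sign_hs256({"iss": CLIENT_ID, "sub": CLIENT_ID, "aud": TOKEN_ENDPOINT,
                       "jti": uuid.uuid4().hex, "iat": now, "exp": now + 60}, CLIENT_SECRET)
```

Because both tokens share one symmetric key, the audience check is what keeps a client assertion from being accepted as a request object or the reverse; private_key_jwt replaces the shared secret with an asymmetric key pair so the server holds only the public key.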