OIDC Clients must authenticate with the OIDC Provider for the Authorize, Token and Introspect Endpoints. The following authentication scheme is currently supported:
- Basic according to OIDC
client_secret_basic,
OAuth2 Client Password and HTTP Basic Authentication.
The required scheme for any OIDC Client is determined when the OIDC Client is configured at the OIDC Provider.
Note
Support for other authentication schemes like client_secret_jwt
and private_key_jwt
may be added as future options.
- Bearer according to OAuth2 Bearer token usage