JWT support for OAuth 2.0 client authentication.

Private Key JWT client authentication (private_key_jwt) is an authentication method that a client can use to authenticate to the authorization server at the token endpoint.

In this mechanism, only a client that has registered a public key with the authorization server, and that signs a JWT with the matching private key, can authenticate. The client secret is never sent over the wire; possession of the private key is the credential.

The JWT must contain the REQUIRED claims and may contain OPTIONAL claims. Per the Client Authentication section of the OpenID Connect Core specification, the required claims are iss and sub (both the client_id), aud (the URL of the authorization server's token endpoint), jti (a unique identifier the server can use to reject replays), and exp (the expiry time); iat is optional. Refer to that section for the full definitions.

Note: The signed JWT must be sent as the value of the client_assertion parameter. The value of the client_assertion_type parameter must be urn:ietf:params:oauth:client-assertion-type:jwt-bearer.
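The following Go program is an added example written for this page; it is not ServiceNow code and does not use any ServiceNow API. It shows both halves of the exchange described above: the client builds an RS256-signed assertion carrying the iss, sub, aud, jti and exp claims and places it in a token request with client_assertion and client_assertion_type, and the authorization server verifies the signature with the registered public key and enforces each required claim, including single use of jti. The client_id "client-123", the token endpoint URL and the in-memory replay cache are assumptions for the demonstration.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"net/url"
	"strings"
	"time"
)

// ClientAssertionType is the fixed value of the client_assertion_type parameter.
const ClientAssertionType = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"

// AssertionClaims are the claims OIDC Core requires in a private_key_jwt assertion (iat is optional).
type AssertionClaims struct {
	Iss string `json:"iss"`           // client_id
	Sub string `json:"sub"`           // client_id
	Aud string `json:"aud"`           // token endpoint URL
	Jti string `json:"jti"`           // unique ID so the assertion is usable once
	Exp int64  `json:"exp"`           // expiry, seconds since the epoch
	Iat int64  `json:"iat,omitempty"` // issued-at, optional
}

func b64(b []byte) string { return base64.RawURLEncoding.EncodeToString(b) }

// BuildClientAssertion is the client side: an RS256 JWT signed with the client's private key.
func BuildClientAssertion(priv *rsa.PrivateKey, clientID, tokenEndpoint string, now time.Time, ttl time.Duration) (string, error) {
	header, _ := json.Marshal(map[string]string{"alg": "RS256", "typ": "JWT"})
	jti := make([]byte, 16) // random so the server can detect replays
	if _, err := rand.Read(jti); err != nil {
		return "", err
	}
	payload, err := json.Marshal(AssertionClaims{Iss: clientID, Sub: clientID, Aud: tokenEndpoint,
		Jti: b64(jti), Exp: now.Add(ttl).Unix(), Iat: now.Unix()})
	if err != nil {
		return "", err
	}
	signingInput := b64(header) + "." + b64(payload)
	digest := sha256.Sum256([]byte(signingInput))
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
	if err != nil {
		return "", err
	}
	return signingInput + "." + b64(sig), nil
}

// TokenRequestBody is the x-www-form-urlencoded body the client POSTs to the token endpoint.
func TokenRequestBody(assertion string) string {
	v := url.Values{}
	v.Set("grant_type", "client_credentials")
	v.Set("client_assertion_type", ClientAssertionType)
	v.Set("client_assertion", assertion)
	return v.Encode()
}

// VerifyClientAssertion is the authorization server side: check the signature with the public key
// registered for this client, then enforce every REQUIRED claim. seenJTI is the replay cache
// (assumed in-memory here; a real server shares it across nodes).
func VerifyClientAssertion(pub *rsa.PublicKey, assertion, clientID, tokenEndpoint string, now time.Time, seenJTI map[string]bool) (*AssertionClaims, error) {
	parts := strings.Split(assertion, ".")
	if len(parts) != 3 {
		return nil, errors.New("malformed JWT")
	}
	hdrRaw, err := base64.RawURLEncoding.DecodeString(parts[0])
	if err != nil {
		return nil, err
	}
	var hdr struct{ Alg string `json:"alg"` }
	if err := json.Unmarshal(hdrRaw, &hdr); err != nil || hdr.Alg != "RS256" {
		return nil, errors.New("unexpected alg") // never accept "none" or an HMAC alg here
	}
	sig, err := base64.RawURLEncoding.DecodeString(parts[2])
	if err != nil {
		return nil, err
	}
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if err := rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig); err != nil {
		return nil, errors.New("bad signature")
	}
	payload, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err != nil {
		return nil, err
	}
	var c AssertionClaims
	if err := json.Unmarshal(payload, &c); err != nil {
		return nil, err
	}
	switch {
	case c.Iss != clientID || c.Sub != clientID:
		return nil, errors.New("iss/sub do not match the client_id")
	case c.Aud != tokenEndpoint:
		return nil, errors.New("aud is not this token endpoint")
	case c.Exp <= now.Unix():
		return nil, errors.New("assertion expired")
	case c.Jti == "" || seenJTI[c.Jti]:
		return nil, errors.New("missing or replayed jti")
	}
	seenJTI[c.Jti] = true
	return &c, nil
}

func main() {
	priv, _ := rsa.GenerateKey(rand.Reader, 2048)             // client key; only the public half is registered
	endpoint := "https://instance.example/oauth_token.do"       // assumed token endpoint URL
	a, _ := BuildClientAssertion(priv, "client-123", endpoint, time.Now(), 5*time.Minute)
	fmt.Println(TokenRequestBody(a))
	_, err := VerifyClientAssertion(&priv.PublicKey, a, "client-123", endpoint, time.Now(), map[string]bool{})
	fmt.Println("server accepted:", err == nil)
}
```

The verifier pins the algorithm before checking the signature and checks aud against its own token endpoint, so an assertion issued for a different server, or a token with alg "none", is rejected even though the claims otherwise look right. Keep the assertion's lifetime short: the jti cache only has to remember identifiers until exp passes.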

Plugins required for OAuth 2.0 client authentication using a JWT:

  • OAuth 2.0 (com.snc.platform.security.oauth): This plugin is active on new and upgraded instances. If it is not active on your instance, you can activate it.
  • Integration - Multiple Provider Single Sign-On Installer (com.snc.integration.sso.multi.installer): Required for the OIDC-based single sign-on use case.

You can use OAuth 2.0 client authentication using Private Key JWT for the following: