Connecting to a third party via OIDC Restrictions on auth method

Hey All.

We have a client who has Ping as their ID provider. We have connected to them using the OIDC setup using Client / Secret. This is all working, but their internal policies do not allow us to use client / secret and they would like us to use either:

Private Key JWT
or
Client TLS Certificate with PKCE

Are either of these offered via Auth0? Will changing the OIDC config from backdoor to front door enable private key JWT? Or will that just be no authentication but with PKCE?

Sorry for all the questions and thanks for the help.

Seconding this one. I’m working against an OpenID Provider that only supports ‘private_key_jwt’ client authentication and for the authorization_code and refresh_token grant types.

In my mind it’d be great to support that auth scheme from OIDC Enterprise connections and from custom social connections. That’s been a blocker for me and several other companies I know of using the same IdP. Should I send those companies links to this forum or is there some other way I can help you assess the need?

PS - @lee.mcdonald, when you say backdoor/front-door are you referencing a server-side vs client-side app? Client-side apps can’t protect a private key, so I wouldn’t expect that to be an option.
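
For readers unfamiliar with the `private_key_jwt` method named in both posts, this is what the client sends in place of a client secret, per OIDC Core section 9 and RFC 7523. It is an added example, not part of the original thread and not Auth0 or Ping code; `CLIENT_ID`, `TOKEN_ENDPOINT`, the key id and the key pair are constructed placeholders.

```javascript
// Added example: private_key_jwt client authentication (OIDC Core section 9, RFC 7523).
// CLIENT_ID, TOKEN_ENDPOINT, the key id and the key pair are constructed placeholders.
const nodeCrypto = require('node:crypto');

const CLIENT_ID = 'example-client-id';
const TOKEN_ENDPOINT = 'https://idp.example.com/as/token';
const ASSERTION_TYPE = 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer';
const b64url = (v) => Buffer.from(v).toString('base64url');

// Build and sign the short-lived assertion that replaces client_secret.
function buildClientAssertion(privateKey, kid, now = Math.floor(Date.now() / 1000)) {
  const header = { alg: 'RS256', typ: 'JWT', kid };
  const claims = {
    iss: CLIENT_ID,               // issuer and subject are both the client_id
    sub: CLIENT_ID,
    aud: TOKEN_ENDPOINT,          // binds the assertion to this IdP's token endpoint
    jti: nodeCrypto.randomUUID(), // unique id so the IdP can reject replays
    iat: now,
    exp: now + 60,                // short lifetime limits the value of a leaked assertion
  };
  const signingInput = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(claims))}`;
  const sig = nodeCrypto.sign('RSA-SHA256', Buffer.from(signingInput), privateKey);
  return `${signingInput}.${sig.toString('base64url')}`;
}

// Form body for the token endpoint; grantParams carry the grant-specific fields.
function tokenRequestBody(assertion, grantParams) {
  return new URLSearchParams({
    ...grantParams,
    client_assertion_type: ASSERTION_TYPE,
    client_assertion: assertion,
  }).toString();
}

// The IdP-side check against the registered public key: signature, audience, expiry.
function verifyClientAssertion(jwt, publicKey, now = Math.floor(Date.now() / 1000)) {
  const parts = jwt.split('.');
  if (parts.length !== 3) return false;
  const ok = nodeCrypto.verify('RSA-SHA256', Buffer.from(`${parts[0]}.${parts[1]}`), publicKey, Buffer.from(parts[2], 'base64url'));
  const claims = JSON.parse(Buffer.from(parts[1], 'base64url').toString());
  return ok && claims.aud === TOKEN_ENDPOINT && claims.iss === claims.sub && claims.exp > now;
}

// Demo with a throwaway key pair; the private key stays on the server side.
const { privateKey, publicKey } = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const assertion = buildClientAssertion(privateKey, 'constructed-key-1');
console.log(tokenRequestBody(assertion, { grant_type: 'refresh_token', refresh_token: 'constructed-refresh-token' }));
console.log('IdP-side check passes:', verifyClientAssertion(assertion, publicKey));
```

Only the public key is registered with the identity provider, so nothing secret is shared between the two parties or sent over the wire.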