Is Client Credentials flow using Signed JWT supported?

nhartner · March 25, 2019, 4:40pm

Does Auth0 support client credentials flow using signed jwt to authenticate? This is where the application signs a JWT with their client secret instead of the less secure method of just sending their client secret as a request header. It’s part of the openid connect spec and supported by other auth providers like Keycloak and Okta. But the well-known openid configuration for my auth0 account only shows:

“token_endpoint_auth_methods_supported”:[“client_secret_basic”,“client_secret_post”]

Is there a way to enable “client_secret_jwt” and/or “private_key_jwt” for token_endpoint_auth_methods_supported?

jmangelo · April 4, 2019, 10:18am

At this time it is not supported; you should consider leaving this feedback directly at (Auth0: Secure access for everyone. But not just anyone.) as that way our product team can more easily gauge the demand for that feature. Thanks.

Topic		Replies	Views
Question re: Client Credentials Help jwt , auth0 , client-credentials	3	3779	August 26, 2019
Ruby on Rails with Private Key JWT Help configuration , application	0	12	October 30, 2024
Use client certificate to request M2M token in client credential flow Help apis , application	2	1198	February 20, 2023
Creating API key and secret for clients -- is it still the suggested approach? Help	2	6245	December 4, 2018
Alternative to clientid/secret with JWT Client Authentication (RFC 7523)? Help	6	4761	December 20, 2018

Is Client Credentials flow using Signed JWT supported?

Related Topics