
Is Client Credentials flow using Signed JWT supported?

Does Auth0 support client credentials flow using signed JWT to authenticate? This is where the application signs a JWT with their client secret instead of the less secure method of just sending their client secret as a request header. It’s part of the OpenID Connect spec and supported by other auth providers like Keycloak and Okta. But the well-known OpenID configuration for my Auth0 account only shows:

"token_endpoint_auth_methods_supported":["client_secret_basic","client_secret_post"]

Is there a way to enable "client_secret_jwt" and/or "private_key_jwt" for token_endpoint_auth_methods_supported?

At this time it is not supported; you should consider leaving this feedback directly at (https://auth0.com/feedback) as that way our product team can more easily gauge the demand for that feature. Thanks.
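
An added example, not part of the original thread and not Auth0 code: how a client can choose its authentication method from the discovery field quoted in the question, and what a `client_secret_jwt` assertion (OpenID Connect Core, section 9) looks like from both the client and the server side. The client ID, secret, token endpoint URL and all function names are constructed placeholders.

```python
import base64, hashlib, hmac, json, secrets, time

ASSERTION_TYPE = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"
# Constructed inputs: the discovery value quoted in the question, plus placeholder client data.
PAGE_DISCOVERY = {"token_endpoint_auth_methods_supported": ["client_secret_basic", "client_secret_post"]}
CLIENT_ID, CLIENT_SECRET = "example-client-id", "example-client-secret"
TOKEN_ENDPOINT = "https://tenant.example/oauth/token"

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def pick_auth_method(discovery: dict) -> str:
    """Choose the strongest client authentication method the server advertises."""
    # OIDC Discovery: an omitted field means client_secret_basic.
    supported = discovery.get("token_endpoint_auth_methods_supported", ["client_secret_basic"])
    for method in ("private_key_jwt", "client_secret_jwt", "client_secret_basic", "client_secret_post"):
        if method in supported:
            return method
    raise ValueError("no supported token endpoint authentication method")

def build_assertion(client_id, secret, audience, now=None, lifetime=60):
    """HS256 JWT keyed with the client secret; the secret itself is never transmitted."""
    now = int(time.time()) if now is None else now
    claims = {"iss": client_id, "sub": client_id, "aud": audience,
              "jti": secrets.token_urlsafe(16), "iat": now, "exp": now + lifetime}
    parts = [b64url(json.dumps(p, separators=(",", ":")).encode())
             for p in ({"alg": "HS256", "typ": "JWT"}, claims)]
    signing_input = ".".join(parts)
    mac = hmac.new(secret.encode(), signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url(mac)

def token_request_form(client_id, secret, token_endpoint):
    """Form body for the client credentials grant using client_secret_jwt."""
    return {"grant_type": "client_credentials", "client_assertion_type": ASSERTION_TYPE,
            "client_assertion": build_assertion(client_id, secret, token_endpoint)}

def verify_assertion(assertion, secret, expected_aud, now=None):
    """Server-side view: check the MAC in constant time, then audience and expiry."""
    now = int(time.time()) if now is None else now
    header_b64, claims_b64, mac_b64 = assertion.split(".")
    if json.loads(b64url_decode(header_b64)).get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(secret.encode(), f"{header_b64}.{claims_b64}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(mac_b64)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(claims_b64))
    if claims["aud"] != expected_aud or claims["exp"] <= now:
        raise ValueError("wrong audience or expired")
    return claims
```

With the discovery value from the question, `pick_auth_method` falls back to `client_secret_basic`. A production authorization server would additionally reject a `jti` it has already seen within the assertion's lifetime.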