Verifier (OneOf)#
Path: /profiles/profile/settings/authorization-server/client-store/config-backed/client/secondary-authentication-method
Describes how the client is authenticated
Parameters#
| Name | Type | Required | Default | Description |
|---|---|---|---|---|
| secret | string | optional | - | A password used by the client |
| asymmetric-key | leafref → /base:facilities/base:crypto/base:signature-verification-keys/base:signature-verification-key/base:id | optional | - | A public key that corresponds to the private key the client will use to sign a token with to authenticate itself |
| jwks | string (length: 1..9223372036854775807) | optional | - | A JWKS providing keys that can be used to verify JWT assertions. The JSON String should be base64-encoded. |
| symmetric-key | string (length: 1..9223372036854775807) | optional | - | A secret key that the client will use to sign or integrity protect a token with to authenticate itself |
| no-authentication | boolean | optional | false | When no-authentication is selected, the client is a public client. Can only be used for clients that requests tokens, and only makes sense if they use the token endpoint (i.e. use the code flow). |
| credential-manager | leafref → /base:processing/base:credential-managers/base:credential-manager/base:id | optional | - | The Credential Manager to use to transform the client secret. For configured clients, this credential manager is also used to retrieve the client secret from the configured data source on the credential manager |
Subsections#
| Name | Type | Description |
|---|---|---|
| jwks-uri | Section | A key present in a JWKS referenced by an URI, accessed via an optional HTTP client ID |
| mutual-tls-by-proxy | Section | |
| mutual-tls | Section |