The private_key_jwt authentication is based on asymmetric key, the private part is generated and only known by the client whereas the public part is communicated and registered in the authorization server for the specific client.
The authentication flow of private_key_jwt is depicted in the diagram below
|
