<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeKnowledge Base
How to Set Client Authentication to "None" using REST API for SPA and Native Apps
Apr 3, 2025
API Access Management
Overview

For Single-Page Applications (SPA) and native apps, the admin UI does not allow editing client authentication configuration. However, the Rest API can be used to perform this change.

Applies To
  • OpenID Connect
  • OAuth 2.0
  • SPA App
  • Native App
Cause

This is already set by default, but there could be an instance where it is not.

  • For example, if the application was created programmatically and the parameter "token_endpoint_auth_method" is set to "client_secret_basic", the option is then greyed out.

    Client Authentication option greyed out 
Solution
  1. Using Okta Public API Collections, make an API call to the /apps endpoint to get the parameters of the application:
GET API Call
  1. Then, change the method from GET to PUT.
  2. Set the body from "none" to "raw".
  3. Copy and paste the setting and set "token_endpoint_auth_method" to "none".
  4. Press SEND.
"token_endpoint_auth_method" set to "none". 
On the Okta dashboard can be seen that Client authentication is now set to "None".
Client authentication set to None 

Related References

Recommended content

Still looking for help?
Loading
How to Set Client Authentication to "None" using REST API for SPA and Native Apps