Unsupported Authentication Method for OIDC Identity Provider Integrations with Okta
Okta Classic Engine
Okta Identity Engine
API Access Management
Overview

When configuring an external OpenID Connect (OIDC) Identity Provider in Okta, admins may encounter issues if the Identity Provider requires that the calls from Okta have client_secret_basic as the token_endpoint_auth_method.

 

Okta only supports client_secret_post and private_key_jwt for the authentication method. This limitation can cause authentication failures with the external Identity Provider.

Applies To
  • OpenID Connect (OIDC) Identity Provider

Cause

Okta's implementation for external OIDC Identity Provider integration currently only supports the client_secret_post and private_key_jwt authentication methods. Although client_secret_basic is part of the OpenID Connect specification, it is not supported for external OIDC Identity Providers configured in Okta.

Solution

To resolve this issue, ensure that the external Identity Provider supports one of the two supported authentication methods, client_secret_post or private_key_jwt, and that the Identity Provider created within Okta is configured with the appropriate authentication method.
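One way to check an external Identity Provider before configuring it is to read the token_endpoint_auth_methods_supported field of its OpenID Connect discovery document and compare it with the two methods listed above. The sketch below is an added example, not Okta code: the discovery document, hostnames, credentials and function names are constructed for illustration. It also builds the token request both ways to show what differs on the wire between client_secret_post and client_secret_basic.

```python
import base64
import json
from urllib.parse import quote_plus, urlencode

# Methods this article says Okta can use toward an external OIDC IdP.
OKTA_SUPPORTED = ("private_key_jwt", "client_secret_post")

# Constructed sample of an IdP's /.well-known/openid-configuration (not a real IdP).
SAMPLE_DISCOVERY = json.loads("""{
  "issuer": "https://idp.example.com",
  "token_endpoint": "https://idp.example.com/oauth2/token",
  "token_endpoint_auth_methods_supported": ["client_secret_basic", "client_secret_post"]
}""")


def usable_auth_methods(discovery: dict) -> list:
    """Return the Okta-supported methods that the IdP advertises."""
    # OpenID Connect Discovery: if the field is omitted, the default is client_secret_basic.
    advertised = discovery.get("token_endpoint_auth_methods_supported",
                               ["client_secret_basic"])
    return [m for m in OKTA_SUPPORTED if m in advertised]


def token_request(method, client_id, client_secret, code, redirect_uri):
    """Build (headers, body) for the authorization-code exchange (hypothetical helper)."""
    form = {"grant_type": "authorization_code", "code": code,
            "redirect_uri": redirect_uri}
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    if method == "client_secret_post":
        # Credentials travel as parameters in the form body.
        form.update(client_id=client_id, client_secret=client_secret)
    elif method == "client_secret_basic":
        # Credentials are form-urlencoded, then sent in an HTTP Basic
        # Authorization header (RFC 6749, section 2.3.1); the body carries none.
        pair = f"{quote_plus(client_id)}:{quote_plus(client_secret)}"
        headers["Authorization"] = "Basic " + base64.b64encode(pair.encode()).decode()
    else:
        raise ValueError(f"method not covered by this sketch: {method}")
    return headers, urlencode(form)
```

An empty list from usable_auth_methods means the Identity Provider advertises neither supported method, which is the situation this article describes.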

If the Identity Provider in question only supports client_secret_basic, please create a Feature Request in our Okta Ideas portal.

For more information about Okta Ideas, please check the Okta Ideas article.
