Use the correct token authentication method

The platform you use to integrate with GOV.UK One Login will affect which token authentication method you need to use.

Most services will use private_key_jwt. However, if you’re using a third-party platform which does not support private_key_jwt, you may be granted an exception to use client_secret_post.

You can read more guidance on third-party platforms to learn about which ones do not support private_key_jwt.

This page was last reviewed on 4 July 2024.