For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Icon for Cirrostratus rank

Cirrostratus

Mar 22, 2023

F5 oAuth Federation with client assertion type = jwt-bearer

Hi - i am trying to setup user authentication with oAuth and F5 is the Client + Resour provider - that needs to authenticate the user - Question - the options available are to send clientid and s...

application delivery

Icon for Employee rank

Employee

Mar 28, 2023

Hi,

If I understand correctly, APM is set as Client and RS. It means APM will redirect the user to your AS in order to authenticate and get a token (Client role). Which grant is set in your AS ? Authorization code grant ?

Then APM will validate the JWT token (RS role).

By default, APM uses JWT-BEARER as insertion type, and JWT signed (not encrypted by default)

Icon for Cirrostratus rank

Cirrostratus

Mar 28, 2023

Thanks for the response

for openidconnect - i have setup flow type as Hybrid - and Hybrid response type as code-idtoken-token

my identity provider is forgerock asn the attached image shows teh flow

Security Best Practices for F5 Products

Technical Articles

F5 AppWorld 2026 Registration - early bird pricing.

DevCentral News

Kostas Injeyan - October 2025 Featured Member

DevCentral News

featured member

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5