Ping Identity PT-AM-CPE Exam - Topic 4 Question 5 Discussion

Actual exam question for Ping Identity's PT-AM-CPE exam
Question #: 5
Topic #: 4

When making a request to the /oauth2/access_token endpoint using the JWT profile client authentication method, which parameter is used to provide the JWT value?

Suggested Answer: D

PingAM 8.0.2 supports advanced client authentication methods defined in the OpenID Connect and OAuth 2.0 specifications, including private_key_jwt and client_secret_jwt. These methods allow a client to authenticate without sending a static password/secret in the request. Instead, the client generates and signs a JSON Web Token (JWT).

According to the 'OAuth 2.0 Client Authentication' and 'JWT Profile for Client Authentication' (RFC 7523) documentation, when a client sends this JWT to the /oauth2/access_token endpoint, it must use the client_assertion parameter.

The request must also include the client_assertion_type parameter, which must be set to the constant value: urn:ietf:params:oauth:client-assertion-type:jwt-bearer.

Option A (client_credentials) is a grant type, not a parameter for providing a JWT.

Option B (client_token_value) is not a standard OAuth2 parameter name.

Option C (client_id) is often included in the request, but it is the identifier of the client, not the container for the cryptographic assertion itself.

When PingAM receives a request with a client_assertion, it extracts the JWT, verifies the signature using the client's public key (stored in the client's profile or retrieved via a JWKS URI), and validates the standard claims (iss, sub, aud, exp). This method is significantly more secure than simple secrets because it proves the client possesses the private key and limits the window for replay attacks through the token's expiration claim.
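
The exchange described above, as an added example (not PingAM's code and not part of the original answer): a client builds a `client_secret_jwt` assertion signed with HS256, places it in `client_assertion`, and a verifier applies the signature and claim checks the explanation lists. The client ID, secret and audience URL are constructed values, a single-string `aud` is assumed, and `private_key_jwt` would follow the same shape with an asymmetric signature in place of the HMAC.

```python
import base64, hashlib, hmac, json, time
from urllib.parse import parse_qs, urlencode

ASSERTION_TYPE = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"

def b64u(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()
def b64u_dec(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))
def sign(secret, signing_input):
    return hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()

def make_assertion(client_id, secret, aud, now=None, ttl=60):
    # Client side (client_secret_jwt): iss and sub are both the client ID.
    now = int(time.time()) if now is None else now
    parts = ({"alg": "HS256", "typ": "JWT"},
             {"iss": client_id, "sub": client_id, "aud": aud, "exp": now + ttl})
    signing_input = ".".join(b64u(json.dumps(p).encode()) for p in parts)
    return signing_input + "." + b64u(sign(secret, signing_input))

def token_request_body(assertion):
    # Form body for POST /oauth2/access_token: the JWT travels in client_assertion.
    return urlencode({"grant_type": "client_credentials", "client_assertion": assertion,
                      "client_assertion_type": ASSERTION_TYPE})

def verify_request(body, client_id, secret, aud, now=None):
    # Server side: returns (ok, reason). Signature is checked before any claim.
    now = int(time.time()) if now is None else now
    form = {k: v[0] for k, v in parse_qs(body).items()}
    if form.get("client_assertion_type") != ASSERTION_TYPE:
        return False, "bad client_assertion_type"
    try:
        h, c, s = form.get("client_assertion", "").split(".")
        header, claims, sig = json.loads(b64u_dec(h)), json.loads(b64u_dec(c)), b64u_dec(s)
        if not (isinstance(header, dict) and isinstance(claims, dict)):
            raise ValueError("header and claims must be JSON objects")
    except ValueError:
        return False, "malformed JWT"
    if header.get("alg") != "HS256":  # pin the algorithm; rejects "none" and others
        return False, "unexpected alg"
    if not hmac.compare_digest(sig, sign(secret, h + "." + c)):
        return False, "bad signature"
    if claims.get("iss") != client_id or claims.get("sub") != client_id:
        return False, "iss/sub mismatch"
    if claims.get("aud") != aud:  # assumption: aud is a single string
        return False, "wrong audience"
    if not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
        return False, "expired"
    return True, "ok"
```

The short `ttl` is what bounds the replay window: the same request body that verifies at issue time is rejected once `exp` has passed.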


Contribute your Thoughts:

Bronwyn
15 days ago
I think it's D) client_assertion. It makes sense for JWT.
upvoted 0 times
...
Gertude
20 days ago
Nope, it's D) for sure!
upvoted 0 times
...
Yuriko
25 days ago
I thought it was B) client_token_value for a second.
upvoted 0 times
...
Gregg
1 month ago
Wait, are we sure about that?
upvoted 0 times
...
Kerrie
1 month ago
Agreed, that's the right one.
upvoted 0 times
...
Jackie
1 month ago
It's definitely D) client_assertion!
upvoted 0 times
...
Princess
2 months ago
I'm going with C) client_id. It's the most straightforward option, right?
upvoted 0 times
...
Mattie
2 months ago
D) client_assertion makes sense to me. Gotta love those cryptic OAuth2 parameters!
upvoted 0 times
...
Lindsey
2 months ago
I thought it was B) client_token_value, but I guess I need to brush up on my OAuth2 knowledge.
upvoted 0 times
...
Fatima
2 months ago
D) client_assertion is the correct answer.
upvoted 0 times
...
Melodie
2 months ago
I'm leaning towards client_assertion too, but I wish I had reviewed this topic more thoroughly before the exam.
upvoted 0 times
...
Huey
2 months ago
I feel like client_token_value sounds familiar, but I can't recall if it's actually used in this context.
upvoted 0 times
...
Alton
3 months ago
I remember practicing a similar question, and I think client_credentials was related to the client ID instead of the JWT.
upvoted 0 times
...
Yuriko
3 months ago
I think the parameter for the JWT value might be client_assertion, but I'm not completely sure.
upvoted 0 times
...
Major
4 months ago
I'm a bit confused on this one. I know the JWT profile is used for client authentication, but I can't quite remember which parameter is used for the JWT value. I'll have to double-check my understanding.
upvoted 0 times
...
Veronica
4 months ago
I'm confident the answer is D) client_assertion. That's where you include the signed JWT for client authentication in the /oauth2/access_token request.
upvoted 0 times
...
Arthur
4 months ago
Okay, let me think this through. The question is asking about the parameter used to provide the JWT value, so I'm guessing it's either B) client_token_value or D) client_assertion.
upvoted 0 times
...
Janet
4 months ago
Hmm, I'm not totally sure about this one. I'll need to review my notes on the JWT profile for client authentication.
upvoted 0 times
...
Evette
4 months ago
I think the answer is D) client_assertion, since that's where you'd provide the JWT value for client authentication.
upvoted 0 times
...
