Retrieving Access Tokens with Mutual Transport Layer Security (mTLS)

Mutual Transport Layer Security (mTLS) is considered more secure than authenticating with the combination of client ID and client secret. Unlike retrieving the access token with client ID and client secret, no secret is shared between the calling application and the service instance of SAP Authorization and Trust Management service (XSUAA).

This configuration enables your application to retrieve or exchange access tokens from an instance of the SAP Authorization and Trust Management service with mTLS. When using TLS, the client verifies the identity of the OAuth server during their handshake. By using mTLS, the OAuth server also verifies the identity of the client. Calls to other services and applications with the access token use the standard OAuth protocols.

As a developer, you can have the service provide the X.509 certificate for the binding or service key. If you already have your own public key infrastructure (PKI), you can provide your own certificate instead.

Restriction:

If you use your own PKI, your certificates must be issued by certificate authorities trusted by the service.

For more information, see Binding Parameters of SAP Authorization and Trust Management Service.
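
The token retrieval described above, as an added example that is not SAP's code: the client presents the X.509 certificate from its binding in the TLS handshake and sends only its client ID in the request body. The credential field names (`clientid`, `certificate`, `key`, `certurl`) and the `/oauth/token` path are assumptions about the binding layout, and the sample binding values are constructed placeholders.

```python
import json, os, ssl, tempfile
import urllib.parse, urllib.request

# Assumed binding fields (not named on this page): clientid, certificate, key, certurl.

def build_token_request(creds):
    """Client-credentials request that identifies the client by ID only; no secret is sent."""
    base = creds["certurl"].rstrip("/")
    if not base.startswith("https://"):
        raise ValueError("token endpoint must use TLS")
    body = urllib.parse.urlencode(
        {"grant_type": "client_credentials", "client_id": creds["clientid"]}
    ).encode()
    return urllib.request.Request(
        base + "/oauth/token",  # assumed token path
        data=body, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"},
    )

def build_mtls_context(creds):
    """TLS context that verifies the server and presents the binding's client certificate."""
    ctx = ssl.create_default_context()  # server certificate and hostname are checked
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # load_cert_chain() only accepts file paths, so stage the PEMs in a private temp dir.
    with tempfile.TemporaryDirectory() as tmp:
        paths = {}
        for name in ("certificate", "key"):
            paths[name] = os.path.join(tmp, name + ".pem")
            fd = os.open(paths[name], os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
            with os.fdopen(fd, "w") as fh:
                fh.write(creds[name])
        ctx.load_cert_chain(paths["certificate"], paths["key"])
    return ctx

def fetch_token(creds):
    """Perform the mTLS handshake and return the access token from the JSON response."""
    req = build_token_request(creds)
    with urllib.request.urlopen(req, context=build_mtls_context(creds), timeout=10) as resp:
        return json.load(resp)["access_token"]

# Constructed sample binding; the PEM values are placeholders, not real key material.
SAMPLE_BINDING = {
    "clientid": "sb-example-app",
    "certurl": "https://tenant.authentication.cert.example.invalid",
    "certificate": "<PEM certificate chain from the binding>",
    "key": "<PEM private key from the binding>",
}
```

With a real binding, `fetch_token(creds)` fails at the handshake if the server does not trust the issuer of the client certificate, which is the condition the restriction above refers to.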

Related Information

Enable mTLS Authentication to SAP Authorization and Trust Management Service for Your Application

Implementing Custom Token Retrieval from SAP Authorization and Trust Management Service with mTLS