Certificates for authentication and signing

I have a client-server scenario.

I have both a thick client and a thin client (browser), which communicate with my server.

My thick client uses an X.509 system certificate for the client certificate authentication scenario and communicates with the server.

This certificate is also used to generate a signed URL (with expiration time) for my thin client to communicate with my server, which is used for integrity and authorization purposes. I also have a token-based approach for authentication in this case.

Now I want to completely move my authentication mechanism to an OAuth-based flow using client credentials or auth code.

I understand that authentication and authorization can be moved to OAuth-based communication. But how do I move my signing (digital signature) use case from certificate-based to OAuth?

I don't think there is any other way than to use a certificate-based PKI mechanism for digital signing. Can the private and public keys be distributed other than through certificates?
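
The signed URL with expiration time described in the post, as an added example that is not part of the original post: the URL and its expiry are signed with a private key and checked on the server with the matching public key, handed over here as a bare SPKI PEM rather than inside a certificate. The key pair, host name, parameter names (`expires`, `sig`) and canonical string layout are assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

// Constructed Ed25519 key pair (assumption; the post uses the certificate's key).
const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
// Public half exported as a bare SPKI PEM, with no certificate around it.
const publicKeyPem = publicKey.export({ type: 'spki', format: 'pem' });

// String covered by the signature: method, host, path, sorted query, expiry.
function canonical(method, url, expires) {
  const u = new URL(url);
  u.searchParams.delete('expires');
  u.searchParams.delete('sig');
  u.searchParams.sort();
  return [method.toUpperCase(), u.host, u.pathname,
          u.searchParams.toString(), expires].join('\n');
}

// Issuer side: append expiry and signature to the URL.
function signUrl(method, url, ttlSeconds, key, now = Date.now()) {
  const expires = Math.floor(now / 1000) + ttlSeconds;
  const sig = crypto.sign(null, Buffer.from(canonical(method, url, expires)), key);
  const u = new URL(url);
  u.searchParams.set('expires', String(expires));
  u.searchParams.set('sig', sig.toString('base64url'));
  return u.toString();
}

// Server side: check the signature first, then the signed expiry.
function verifyUrl(method, signedUrl, pem, now = Date.now()) {
  const u = new URL(signedUrl);
  const rawExpires = u.searchParams.get('expires');
  const rawSig = u.searchParams.get('sig');
  if (!rawExpires || !/^\d+$/.test(rawExpires) || !rawSig) return 'malformed';
  const sig = Buffer.from(rawSig, 'base64url');
  if (sig.length !== 64) return 'bad-signature'; // Ed25519 signatures are 64 bytes
  const data = Buffer.from(canonical(method, signedUrl, Number(rawExpires)));
  if (!crypto.verify(null, data, pem, sig)) return 'bad-signature';
  return Math.floor(now / 1000) > Number(rawExpires) ? 'expired' : 'ok';
}
```

Because the expiry is part of the signed string, extending `expires` on an issued URL invalidates the signature.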

