OIDC Integration Guide
Learn how to configure your OpenID Connect (OIDC) clients, manage token authentication methods, and define scopes securely.
Token Auth Method
The Token Auth Method (token_endpoint_auth_method) defines how your client application proves its identity to the OIDC server's token endpoint when it exchanges an authorization code for tokens.
client_secret_basic (Recommended)
Your application sends its client_id and client_secret joined as client_id:client_secret, Base64-encoded, in the standard HTTP Basic Authorization header. Base64 is an encoding rather than encryption, so the confidentiality of the secret rests on the TLS connection to the token endpoint. It is considered the most standard and secure method for backend/server-side apps.
client_secret_post
Your application sends its client_id and client_secret directly as fields in the body of the POST request. It is functionally similar to client_secret_basic but less standard, and some strictly validating OIDC servers may not accept it.
none (Public Clients)
Used for applications that run publicly in a user's browser (like React/Next.js Single Page Applications) or mobile apps, where a client_secret cannot be stored securely because users could inspect the code. Instead of a fixed secret, these apps must use PKCE (Proof Key for Code Exchange): a fresh one-time code_verifier is generated on every login, its hash (code_challenge) is sent with the authorization request, and the verifier itself is presented at the token endpoint to prove the token request comes from the same application instance that started the login.
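The three token_endpoint_auth_method values above, written out as the token-endpoint request each one produces, plus the PKCE S256 pair a public client generates and the check the server runs against it. This is an added example, not code from the original guide; the client_id, client_secret and redirect_uri values are constructed placeholders.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import quote

# Constructed sample values; a real client receives these at registration.
CLIENT_ID = "my-client"
CLIENT_SECRET = "s3cr3t"
REDIRECT_URI = "https://app.example.com/callback"

def basic_auth_header(client_id: str, client_secret: str) -> str:
    """client_secret_basic: form-encode each part, join with ':', then Base64."""
    creds = f"{quote(client_id, safe='')}:{quote(client_secret, safe='')}"
    return "Basic " + base64.b64encode(creds.encode("ascii")).decode("ascii")

def code_challenge_for(code_verifier: str) -> str:
    """PKCE S256 transform (RFC 7636): BASE64URL(SHA256(verifier)), no padding."""
    digest = hashlib.sha256(code_verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

def make_pkce_pair() -> tuple:
    """Fresh (code_verifier, code_challenge) for one login; never reuse a verifier."""
    code_verifier = secrets.token_urlsafe(64)  # 86 chars, inside the 43..128 limit
    return code_verifier, code_challenge_for(code_verifier)

def verify_pkce(code_verifier: str, stored_challenge: str) -> bool:
    """Server-side check for method 'none': recompute and compare in constant time."""
    return hmac.compare_digest(code_challenge_for(code_verifier), stored_challenge)

def token_request(method: str, code: str, code_verifier: str = "") -> tuple:
    """Build (headers, form_body) for the code exchange under each auth method."""
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    body = {"grant_type": "authorization_code", "code": code, "redirect_uri": REDIRECT_URI}
    if method == "client_secret_basic":
        headers["Authorization"] = basic_auth_header(CLIENT_ID, CLIENT_SECRET)
    elif method == "client_secret_post":
        body.update(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)
    elif method == "none":  # public client: no secret, PKCE verifier instead
        if not code_verifier:
            raise ValueError("public clients must send the PKCE code_verifier")
        body.update(client_id=CLIENT_ID, code_verifier=code_verifier)
    else:
        raise ValueError(f"unsupported token_endpoint_auth_method: {method}")
    return headers, body
```

The server stores the code_challenge it received with the authorization request alongside the issued code, and verify_pkce is the check it runs when that code comes back with a code_verifier.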
Scope Parameters
Scopes are the permissions you are asking the user for. In OIDC, each scope is a bundle that tells the server which specific pieces of user data (called claims) your application is allowed to read.
Scopes: openid, profile, email
Example Request
When you specify the scope "openid profile email", you are effectively telling the OIDC layer: "Please log this user in securely, and grant my app access to read their basic profile details and their email address."