Understanding Civic Auth’s flexible OAuth 2.0 authentication methods for maximum security across all application types.
PKCE Security Model
Client Secret Security Model
config
object that varies based on the authentication method you choose. The core implementation remains the same.
Parameter | PKCE Only (Default) | Client Secret Only | PKCE + Client Secret (Max Security) | Notes |
---|---|---|---|---|
clientId | Required | Required | Required | Your application’s Client ID. |
clientSecret | Not used | Required | Required | Generate in dashboard Security tab. |
pkce | true (default) | false | true | Enables or disables PKCE. |
redirectUrl | Required | Required | Required | The URL to redirect to after login. |
postLogoutRedirectUrl | Optional | Optional | Optional | The URL to redirect to after logout. |
config
object using the parameters above for other flows.