Configure OIDC connection for Single-Page-Application

Hi there,

Thank you for reaching out to us!

Wanted to provide some information, in case others find this useful as well, but I believe that you are using an external API that is requesting the client_secret_post method, and the SPA application should have it’s authentication method set to none.

This might be problematic, as SPAs are not confidential clients and are not able to store client secrets, and storing them on the frontend presents a security risk, as they are exposed and easily accessible. One way that might work would be to set up your own API for authentication.

Some useful documentations that I can recommend reading through:

Hope this helped!
Gerald