Authentication

AuthAction provides secure, standards-compliant authentication built on OAuth 2.0 and OpenID Connect. This section covers the core authentication mechanisms available in your tenant.

  • OAuth 2.0 & OIDC Endpoints — Complete reference for all tenant-specific endpoints including authorization, token, userinfo, JWKS, and logout.
  • PKCE Authorization Flow — How AuthAction enforces the Authorization Code Flow with PKCE (S256) for secure public client authentication.
  • Passkey Authentication — Enable passwordless login using device-bound passkeys with WebAuthn.
  • PKCE is mandatory — AuthAction only supports the Authorization Code Flow with PKCE using the S256 challenge method. This eliminates the need for client secrets in public clients.
  • OpenID Connect Discovery — Client SDKs can auto-configure by fetching your tenant’s /.well-known/openid-configuration document.
  • RS256 signing — All tokens are signed with RS256 and can be verified via the JWKS endpoint.