Introduction to single sign-on
Learn how to use single sign-on (SSO)
There are two methods available for single sign-on (SSO) with Setel: SSO with client secret and SSO with PKCE.
When should I use SSO with client secret?
Choose this method if one of the following contexts is relevant to you:
- Your app or platform is designed to interact with its own third-party (non-Setel) API which requires special tokens. The tokens returned as a result of the OAuth flow are used only to call the /userinfo endpoint.
- There is a dedicated backend to the client, so it’s possible to use client secret and exchange tokens on the backend.
When should I use SSO with PKCE?
Choose this method if one of the following contexts is relevant to you:
- Your app or platform is designed to interact only with the Setel API. There is no need to request a third-party (non-Setel) API, so access tokens returned from the OAuth flow are the only tokens you work with.
- There is no dedicated backend to the client, so it’s impossible to use client secret and exchange tokens on the backend.
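The difference between the two methods shows up at the token-exchange step. The following is an added example, not Setel's code: it assumes the standard OAuth 2.0 and RFC 7636 (S256) parameter names, since Setel's actual endpoints and parameter names are not shown on this page, and every client ID, secret and redirect URI passed to it is a placeholder.

```javascript
// Added example. Parameter names follow OAuth 2.0 / RFC 7636 (assumed);
// callers pass placeholder client IDs, secrets and redirect URIs.
const { createHash, randomBytes, timingSafeEqual } = require("node:crypto");

const b64url = (buf) => buf.toString("base64url");

// Client side: a fresh high-entropy verifier per login attempt (43 chars).
function newCodeVerifier() {
  return b64url(randomBytes(32));
}

// S256 transform: BASE64URL(SHA256(ASCII(code_verifier))).
function codeChallenge(verifier) {
  return b64url(createHash("sha256").update(verifier, "ascii").digest());
}

// Authorization request: only the challenge leaves the client at this step.
function authorizationParams(clientId, redirectUri, verifier, state) {
  return new URLSearchParams({
    response_type: "code", client_id: clientId, redirect_uri: redirectUri,
    state, code_challenge: codeChallenge(verifier), code_challenge_method: "S256",
  });
}

// Token request body for each method. The client-secret form must be built
// on a backend; the PKCE form carries no long-lived secret.
function tokenRequestBody(method, { code, clientId, redirectUri, clientSecret, verifier }) {
  const body = new URLSearchParams({
    grant_type: "authorization_code", code, client_id: clientId, redirect_uri: redirectUri,
  });
  if (method === "client_secret") body.set("client_secret", clientSecret);
  else if (method === "pkce") body.set("code_verifier", verifier);
  else throw new Error(`unknown method: ${method}`);
  return body;
}

// Authorization-server side: bind the code to the client that started the flow.
function verifierMatches(storedChallenge, presentedVerifier) {
  if (!/^[A-Za-z0-9\-._~]{43,128}$/.test(presentedVerifier)) return false;
  const expected = Buffer.from(storedChallenge);
  const actual = Buffer.from(codeChallenge(presentedVerifier));
  return expected.length === actual.length && timingSafeEqual(expected, actual);
}
```

An intercepted authorization code is useless without the verifier, which is why the PKCE method can run in a client that cannot keep a secret.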
Summary
Using SSO with client secret requires the partner to handle actions on both the frontend and backend, while using SSO with PKCE only requires actions on the partner's backend.
Choose the method that best fits your needs.
Updated over 1 year ago