Specifies the authentication scheme used to establish a connection to Xero. It determines the authentication mechanism required for validating the user's identity and allows integration with various OAuth providers. Accepted entries are OAuth, PKCE, or OAuthClient.

Syntax

Connect-Xero -AuthScheme string

Possible Values

OAuth, PKCE, OAuthClient

Data Type

cstr

Default Value

"PKCE"

Remarks

Supported authentication methods for new applications include:

• OAuth: Uses OAuth 2.0 with a client ID and client secret. Recommended for server-side applications where credentials can be securely stored. OAuth supports token-based authentication and refresh.
• PKCE (Proof Key for Code Exchange): Uses OAuth 2.0 with only a client ID. Ideal for client-side or public applications (such as desktop or mobile apps) where a secret cannot be securely stored.
• OAuthClient: Uses OAuth client credentials flow with a client ID and secret. This mode allows programmatic access without user interaction. Only available with a Custom Connection license from Xero.

Choose the authentication method based on your application's context. Client-side apps should generally use PKCE, while backend apps may use OAuth or OAuthClient depending on licensing and automation needs.

This is a required parameter.