Keywords: lexoffice, OAuth 2.0, PKCE, API security, cloud accounting, single-page application (SPA), authentication flow.
This prevents you from forgetting complex passwords and keeps them secure.
lexoffice is a popular cloud-based accounting software designed for self-employed individuals, freelancers, and small businesses in Germany. To access your financial data, invoices, and tax overviews, you must successfully log in to your account. Here is the complete procedure and relevant information.
```
+----------+                                       +-----------------+
|          |  1. code_verifier + code_challenge    |                 |
|  Client  |-------------------------------------->| lexoffice Auth  |
|  (App)   |                                       |     Server      |
|          |  2. Redirect to login page            |                 |
|          |<--------------------------------------|                 |
|          |                                       |                 |
|          |  3. User credentials + consent        |                 |
|          |-------------------------------------->|                 |
|          |                                       |                 |
|          |  4. Authorization code                |                 |
|          |<--------------------------------------|                 |
|          |                                       |                 |
|          |  5. code_verifier + code              |                 |
|          |-------------------------------------->| Token Endpoint  |
|          |                                       |                 |
|          |  6. Access token + refresh token      |                 |
|          |<--------------------------------------|                 |
+----------+                                       +-----------------+
```
If you are unable to log in, consider the following common solutions:
Forgotten password: Use the "Passwort vergessen?" (Forgot password?) link on the login page to receive a reset link via email.
Open the login page: Navigate to the official website at app.lexoffice.de.
The lexoffice.login mechanism is a robust implementation of OAuth 2.0 + PKCE, suitable for both server‑side and public client applications. Developers must correctly generate the PKCE pair, validate the state parameter, and store tokens securely. By following the reference implementation and security recommendations in this paper, integration can achieve both usability and a high security level.
Security is a primary concern for cloud accounting. Lexoffice utilizes high-level encryption and hosts all data in , ensuring compliance with strict GDPR (DSGVO) regulations. This means your financial records are protected by the same security standards used in online banking.
```python
# Exchange the authorization code for tokens (step 5 of the flow)
data = {
    "grant_type": "authorization_code",
    "code": auth_code,
    "redirect_uri": self.redirect_uri,
    "client_id": self.client_id,
    "code_verifier": self.code_verifier,
}
```
```json
{
  "access_token": "eyJhbGciOiJSUzI1NiIs...",
  "token_type": "Bearer",
  "expires_in": 3600,
  "refresh_token": "8xLOxBtZp8...",
  "scope": "invoice.read contact.read openid profile"
}
```
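The client side of the flow in the diagram above, as an added example that is not lexoffice's own code: it generates the PKCE pair (S256, RFC 7636), builds the step-1 authorization redirect carrying only the challenge and a `state` value (generate it with `secrets.token_urlsafe`), checks `state` on the step-4 callback, and assembles the same token-exchange body shown above. The authorization URL is a placeholder; the real lexoffice endpoint is not given on this page.

```python
import base64
import hashlib
import secrets
from urllib.parse import urlencode

# Placeholder endpoint: the real lexoffice authorization URL is not on this page.
AUTHORIZE_URL = "https://AUTH_SERVER_PLACEHOLDER/oauth/authorize"

def b64url(raw):
    """Base64url without '=' padding, as RFC 7636 requires."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def make_pkce_pair(verifier=None):
    """Return (code_verifier, code_challenge) for the S256 method.
    Only the challenge is sent in step 1; the verifier stays on the client
    until the token exchange in step 5, so an intercepted code is useless."""
    if verifier is None:
        verifier = b64url(secrets.token_bytes(32))  # 43 chars, within 43..128
    challenge = b64url(hashlib.sha256(verifier.encode("ascii")).digest())
    return verifier, challenge

def build_authorize_url(client_id, redirect_uri, scope, challenge, state):
    """Steps 1/2: the redirect that sends the user to the login page."""
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": scope,
        "code_challenge": challenge,
        "code_challenge_method": "S256",
        "state": state,
    }
    return AUTHORIZE_URL + "?" + urlencode(params)

def state_matches(query, expected_state):
    """Step 4: constant-time check that the callback carries the state we
    issued; a mismatch means the code is not from our own login attempt."""
    return secrets.compare_digest(query.get("state", ""), expected_state)

def build_token_request(auth_code, client_id, redirect_uri, verifier):
    """Step 5: same body as the exchange above; the verifier is revealed only now."""
    return {
        "grant_type": "authorization_code",
        "code": auth_code,
        "redirect_uri": redirect_uri,
        "client_id": client_id,
        "code_verifier": verifier,
    }
```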