diff --git a/templates/app/aspnet-core/src/MyCompanyName.MyProjectName.Web.Host/MyProjectNameWebModule.cs b/templates/app/aspnet-core/src/MyCompanyName.MyProjectName.Web.Host/MyProjectNameWebModule.cs
index 368ad5eafe..3dbf6227b8 100644
--- a/templates/app/aspnet-core/src/MyCompanyName.MyProjectName.Web.Host/MyProjectNameWebModule.cs
+++ b/templates/app/aspnet-core/src/MyCompanyName.MyProjectName.Web.Host/MyProjectNameWebModule.cs
@@ -148,12 +148,13 @@ public class MyProjectNameWebModule : AbpModule
                 options.ResponseType = OpenIdConnectResponseType.CodeIdToken;
 
                 options.ClientId = configuration["AuthServer:ClientId"];
-                options.ClientSecret = configuration["AuthServer:ClientSecret"];
 
+                options.UsePkce = true;
                 options.SaveTokens = true;
                 options.GetClaimsFromUserInfoEndpoint = true;
+                options.SignOutScheme = "Cookies";
 
-                options.Scope.Add("role");
+                options.Scope.Add("roles");
                 options.Scope.Add("email");
                 options.Scope.Add("phone");
                 options.Scope.Add("MyProjectName");
diff --git a/templates/app/aspnet-core/src/MyCompanyName.MyProjectName.Web.Host/appsettings.json b/templates/app/aspnet-core/src/MyCompanyName.MyProjectName.Web.Host/appsettings.json
index c89186b748..0d2d376016 100644
--- a/templates/app/aspnet-core/src/MyCompanyName.MyProjectName.Web.Host/appsettings.json
+++ b/templates/app/aspnet-core/src/MyCompanyName.MyProjectName.Web.Host/appsettings.json
@@ -13,8 +13,7 @@
   "AuthServer": {
     "Authority": "https://localhost:44301",
     "RequireHttpsMetadata": "true",
-    "ClientId": "MyProjectName_Web",
-    "ClientSecret": "1q2w3e*"
+    "ClientId": "MyProjectName_Web"
   },
   "StringEncryption": {
     "DefaultPassPhrase": "gsKnGZ041HLL4IM8"