Custom parameters for direct authentication against an external OIDC server

Learn about the parameters to define when you configure direct authentication against an external OpenID Connect (OIDC) server for mobile apps that are based on Pega Infinity Mobile Client.

For the configuration procedure, see Configuring direct authentication against an external OIDC server for Pega Infinity Mobile Client.

The following tables list the available parameters.

Parameters that you obtain from the external OIDC server

| Parameter | Description |
| --- | --- |
| container.authentication.oauth2.clientId | An identifier of the mobile app in the OIDC authentication server. |
| container.authentication.oauth2.clientSecret | A secret value that is shared between Pega Mobile Client and the authentication server. If you perform a public OAuth registration, set this parameter to <null>. |
| container.authentication.oauth2.grantType | A type of OIDC flow that is used to obtain access tokens. Set this parameter to authorization_code. |
| container.authentication.oauth2.scope | A space-separated list of permissions that are required to access Pega Platform. The minimal valid setting of this parameter is openid email profile. |
| container.authentication.oauth2.tokenEndpoint | A URL address of the token endpoint that conforms to the OAuth 2.0 protocol. This endpoint is exposed by the authentication server. Pega Mobile Client connects to this endpoint to authorize users. |
| container.authentication.oauth2.authorizationEndpoint | A URL address of the authorization endpoint that conforms to the OAuth 2.0 protocol. Pega Mobile Client connects to this endpoint to obtain authorization from the resource owner. |
| container.authentication.oauth2.redirectUri | A URL address of the endpoint to which Pega Mobile Client connects to obtain an authorization code which can be exchanged for the access token. The setting is required for the authorization code grant type. |
| container.authentication.oauth2.userInfoEndpoint | A URL address of the authorization endpoint that conforms to the OAuth 2.0 protocol. Pega Mobile Client connects to this endpoint to obtain information about the authenticated user. |
| container.authentication.oauth2.tokenRevocationEndpoint | A URL address of the authorization endpoint that conforms to the OAuth 2.0 protocol. Pega Mobile Client connects to this endpoint to revoke access or to refresh the token. |

Parameters that you obtain after you create the client registration service rule

| Setting name | Description |
| --- | --- |
| container.authentication.type | An authentication flow for Pega Platform to use. Set this parameter to oauth2. |
| container.authentication.oauth2.jwtBearer.clientId | A client identifier in Pega Platform. |
| container.authentication.oauth2.jwtBearer.clientSecret | A secret value that is shared between the mobile client and Pega Platform. |
| container.authentication.oauth2.jwtBearer.tokenEndpoint | A URL address of the token endpoint that conforms to the OAuth 2.0 protocol. Pega Infinity Mobile Client connects to this endpoint to authorize users who are attempting to access Pega Platform. |
| container.authentication.oauth2.jwtBearer.tokenRevocationEndpoint | A URL address of the authorization endpoint that conforms to the OAuth 2.0 protocol. Pega Mobile Client connects to this endpoint to revoke access or to refresh the token. |
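
A pre-deployment check of these parameters, as an added example that is not Pega code: it flags missing settings, values that differ from the fixed ones listed above, and a scope below the stated minimum. Holding the parameters in a flat dictionary, the HTTPS check on endpoint URLs, and every sample value are assumptions made for illustration.

```python
from urllib.parse import urlparse

BASE = "container.authentication."
OIDC = BASE + "oauth2."
JWT = OIDC + "jwtBearer."
REQUIRED = [BASE + "type"] + [OIDC + k for k in (
    "clientId", "clientSecret", "grantType", "scope", "tokenEndpoint",
    "authorizationEndpoint", "redirectUri", "userInfoEndpoint",
    "tokenRevocationEndpoint")] + [JWT + k for k in (
    "clientId", "clientSecret", "tokenEndpoint", "tokenRevocationEndpoint")]
# Fixed values and minimal scope taken from the parameter descriptions.
FIXED = {BASE + "type": "oauth2", OIDC + "grantType": "authorization_code"}
MIN_SCOPE = {"openid", "email", "profile"}


def lint(params):
    """Return a sorted list of findings for a dict of custom parameters."""
    findings = [f"missing {k}" for k in REQUIRED if not params.get(k)]
    for key, expected in FIXED.items():
        if params.get(key) and params[key] != expected:
            findings.append(f"{key} must be {expected}")
    scope = params.get(OIDC + "scope")
    if scope:
        lacking = MIN_SCOPE - set(scope.split())
        if lacking:
            findings.append("scope lacks " + " ".join(sorted(lacking)))
    for key, value in params.items():
        # Assumption (not stated on the page): endpoints should use HTTPS.
        if key.endswith("Endpoint") and value and urlparse(value).scheme != "https":
            findings.append(f"{key} is not an https URL")
    return sorted(findings)


# Constructed sample; every value below is a placeholder.
SAMPLE = {
    BASE + "type": "oauth2",
    OIDC + "clientId": "mobile-app",
    OIDC + "clientSecret": "<null>",  # public OAuth registration
    OIDC + "grantType": "authorization_code",
    OIDC + "scope": "openid email",
    OIDC + "tokenEndpoint": "https://idp.example.com/token",
    OIDC + "authorizationEndpoint": "https://idp.example.com/authorize",
    OIDC + "redirectUri": "com.example.app://callback",
    OIDC + "userInfoEndpoint": "http://idp.example.com/userinfo",
    OIDC + "tokenRevocationEndpoint": "https://idp.example.com/revoke",
    JWT + "clientId": "pega-client",
    JWT + "clientSecret": "placeholder-secret",
    JWT + "tokenEndpoint": "https://pega.example.com/token",
}
```

Calling `lint(SAMPLE)` reports the three problems planted in the sample: the plain-HTTP user info endpoint, the missing jwtBearer revocation endpoint, and the scope without `profile`.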