Close popover

Table of Contents

OAuth 2.0 providers

Version:

The OAuth 2.0 protocol provides your application with secure authentication in open networks with external applications, such as Facebook, and Google, over HTTPS. You define OAuth 2.0 provider data instances so that Pega Platform can access protected external resources by using access tokens.

OAuth 2.0 provider instances are deprecated. As a best practice, use unified authentication profiles instead. OAuth 2.0 provider instances that were created prior to version 8.4 are backward compatible. For more information, see Configuring an OAuth 2.0 authentication profile.

Grant types

An OAuth 2.0 provider data instance is an external application to which your application connects to negotiate a token that provides your application with access to an external application for a defined period.

The grant types that Pega Platform OAuth 2.0 providers support are client credentials, authorization code, and password credentials. You can use these grant types alone or in combination with each other.

Client credentials grant type

With the client credentials grant type, you obtain client credentials from the external application to which you want to connect. Your application can use these credentials to generate an access token. Use this grant type when the OAuth 2.0 consumer is an application and not an individual operator or user

Authorization code grant type

With the authorization code grant type, your application submits an authorization code request to the external application to which you want to connect. The authorization server of the external application validates the credentials in the request, and then authenticates with your user credentials to produce an authorization code. Your application then uses the code to generate an access token, which grants access to protected resources on the external application. Use this grant type when your application does not have a trusted relationship with the API provider. For example, you can connect to Facebook from your Pega Platform application to access your photos.

Password credentials grant type

With the password credentials grant type, your application exchanges your user credentials for an access token. Use this grant type when your application has a trusted relationship with the API provider or when the provider does not support other authorization grants.

You can ensure that your application securely accesses external REST service APIs by creating an OAuth 2.0 provider data instance. Each external application handles the OAuth 2.0 protocol in a unique way. For more information, see the API guide for your application.

  • Creating and configuring an OAuth 2.0 provider

    To enable your application to securely access an external application over HTTPS, create an OAuth 2.0 provider data instance.

  • Setting up an OAuth 2.0 provider
  • OAuth 2.0 client registrations

    The OAuth 2.0 protocol allows mobile native applications and external applications such as Facebook and Google to communicate securely with Pega Platform over HTTPS. You define OAuth 2.0 client registration data instances to allow external applications to access Pega Platform REST services by using access tokens.

  • Configuring an OAuth 2.0 authentication profile

    Configure an OAuth 2.0 authentication profile to secure messages that your application sends and receives, by using an OAuth 2.0 token-based authorization process. You define OAuth 2.0 authentication profiles for Pega Platform to securely access external REST service APIs with access tokens.

Suggest Edit

Have a question? Get answers now.

Visit the Collaboration Center to ask questions, engage in discussions, share ideas, and help others.