Table of Contents

Build secure custom mobile apps with the OAuth 2.0 framework (8.2)

Build secure custom mobile apps by using Pega Infinity Mobile Client or Pega Mobile Client 7 with the OAuth 2.0 authorization code grant flow.

Your custom mobile apps delegate authorization and authentication to trusted sources. Your apps must also use HTTPS and a trusted SSL certificate to authenticate. This enhancement ensures custom mobile apps protection with an industry-standard authorization and authentication protocol in all stages of app development.

You do not have to manually configure such settings as endpoints or client secret because authorization and authentication service configuration is automatic when you build an application. You can edit this configuration by browsing for your mobile channel name in the list of client registration instances.

Thumbnail
Oauth 2.0 authorization code flow

To build secure custom mobile apps more quickly, choose the default Platform Authentication service. In this configuration, Pega Platform acts as an identity provider, authorization server, and resource server. For example, you can use Platform Authentication to build and test custom mobile apps during development and quality assurance stages without configuring a custom authentication service.

Thumbnail
Secure sign-in using an external agent

You can set up a custom mobile app to either redirect to a login screen of a specific identity provider, or display a selection of available identity providers.

Thumbnail
Selecting an authentication service

You can also configure an additional protection scheme for custom mobile apps, such as a device locking mechanism or biometric sensor authentication. You can use these protection methods to unlock an app that is in offline mode.

Thumbnail
Unlocking an app with custom pin or biometric sensor

For more information, see Configuring additional custom mobile app security for Pega Infinity Mobile Client, Configuring additional custom mobile app security for Pega Mobile Client 7, and Selecting an authentication service.

Suggest Edit

Have a question? Get answers now.

Visit the Pega Support Community to ask questions, engage in discussions, and help others.