Creating and configuring an OAuth 2.

0 provider

Version 8.7
Updated on March 15, 2022
To enable your application to securely access an external application over HTTPS,
create an OAuth 2.0 provider data instance.

Note: OAuth 2.0 provider instances are deprecated. OAuth 2.0 provider instances
that were created prior to version 8.4 are backward compatible. As a best practice,
use unified authentication profiles instead. For more information, see Configuring
an OAuth 2.0 authentication profile.
In the header of Dev Studio, click CreateSecurityOAuth 2.0 Provider.
Enter a name and short description for your OAuth 2.0 provider data instance.
Begin the name with a letter, and use only alphanumeric characters.
Click Create and open.
In the Grant types section, select one or more grant types that define how to
request an access token:
To configure your application to obtain client credentials from the authorization
service, select Client credentials
To configure your application to submit an authorization code request to the
external application to which you want to connect, select Authorization code
To configure your application to exchange your user credentials for an access
token, select Password credentials
In the Authorization code endpoint field, enter the authorization code endpoint URL
you want to connect from the API guide of the application.
Calls to this endpoint produce an access token that you can use to access protected
resources in the external application for a defined period.
In the Access token endpoint field, enter the access token URL you want to connect
from the API guide of the application.
Calls to this endpoint produce an access token that you can use to access protected
resources in the external application for a defined period.
In the Revoke token endpoint field, enter the revoke token URL you want to connect
from the API guide of the application.
Calls to this endpoint revoke the current access tokens for your application.
In the Client authentication scheme section, select how to send the client
credentials:
To send the client credentials (client ID and client secret) to the external
application as a part of the authorization header, select Basic.
To send the client credentials in the body of the POST request, select POST.
In the Send access token as section, select how to send the access token to the
external application:
To allow applications, such as mobile apps, to use third-party tokens to
authenticate with a server, select Authorization header
To allow applications to authenticate requests when you want to express a request
entirely in a URL, select Query string parameter
In the Secure protocol configuration section, in the Lowest allowable SSL/TLS
version field, select the SSL or TLS protocol version that you want to use to
securely connect to the external application by using OAuth 2.0.
In the Security settings section, in the Truststore field, press the Down arrow key
to select a truststore, or click the Open icon to create a truststore.
The truststore contains the server certificate to use in the TLS/SSL handshake.
In the Security settings section, in the Keystore field, press the Down arrow key
to select a keystore, or click the Open icon to create a keystore.
The Pega Platform keystore stores the client's private and public key pair, which
the server uses to authenticate the client machine.
Click Save.Creating and configuring an OAuth 2.0 provider
Version 8.7
Updated on March 15, 2022
To enable your application to securely access an external application over HTTPS,
create an OAuth 2.0 provider data instance.

Note: OAuth 2.0 provider instances are deprecated. OAuth 2.0 provider instances
that were created prior to version 8.4 are backward compatible. As a best practice,
use unified authentication profiles instead. For more information, see Configuring
an OAuth 2.0 authentication profile.
In the header of Dev Studio, click CreateSecurityOAuth 2.0 Provider.
Enter a name and short description for your OAuth 2.0 provider data instance.
Begin the name with a letter, and use only alphanumeric characters.
Click Create and open.
In the Grant types section, select one or more grant types that define how to
request an access token:
To configure your application to obtain client credentials from the authorization
service, select Client credentials
To configure your application to submit an authorization code request to the
external application to which you want to connect, select Authorization code
To configure your application to exchange your user credentials for an access
token, select Password credentials
In the Authorization code endpoint field, enter the authorization code endpoint URL
you want to connect from the API guide of the application.
Calls to this endpoint produce an access token that you can use to access protected
resources in the external application for a defined period.
In the Access token endpoint field, enter the access token URL you want to connect
from the API guide of the application.
Calls to this endpoint produce an access token that you can use to access protected
resources in the external application for a defined period.
In the Revoke token endpoint field, enter the revoke token URL you want to connect
from the API guide of the application.
Calls to this endpoint revoke the current access tokens for your application.
In the Client authentication scheme section, select how to send the client
credentials:
To send the client credentials (client ID and client secret) to the external
application as a part of the authorization header, select Basic.
To send the client credentials in the body of the POST request, select POST.
In the Send access token as section, select how to send the access token to the
external application:
To allow applications, such as mobile apps, to use third-party tokens to
authenticate with a server, select Authorization header
To allow applications to authenticate requests when you want to express a request
entirely in a URL, select Query string parameter
In the Secure protocol configuration section, in the Lowest allowable SSL/TLS
version field, select the SSL or TLS protocol version that you want to use to
securely connect to the external application by using OAuth 2.0.
In the Security settings section, in the Truststore field, press the Down arrow key
to select a truststore, or click the Open icon to create a truststore.
The truststore contains the server certificate to use in the TLS/SSL handshake.
In the Security settings section, in the Keystore field, press the Down arrow key
to select a keystore, or click the Open icon to create a keystore.
The Pega Platform keystore stores the client's private and public key pair, which
the server uses to authenticate the client machine.
Click Save.Creating and configuring an OAuth 2.0 provider

Version 8.7
Updated on March 15, 2022
To enable your application to securely access an external application over HTTPS,
create an OAuth 2.0 provider data instance.

Note: OAuth 2.0 provider instances are deprecated. OAuth 2.0 provider instances
that were created prior to version 8.4 are backward compatible. As a best practice,
use unified authentication profiles instead. For more information, see Configuring
an OAuth 2.0 authentication profile.
In the header of Dev Studio, click CreateSecurityOAuth 2.0 Provider.
Enter a name and short description for your OAuth 2.0 provider data instance.
Begin the name with a letter, and use only alphanumeric characters.
Click Create and open.
In the Grant types section, select one or more grant types that define how to
request an access token:
To configure your application to obtain client credentials from the authorization
service, select Client credentials
To configure your application to submit an authorization code request to the
external application to which you want to connect, select Authorization code
To configure your application to exchange your user credentials for an access
token, select Password credentials
In the Authorization code endpoint field, enter the authorization code endpoint URL
you want to connect from the API guide of the application.
Calls to this endpoint produce an access token that you can use to access protected
resources in the external application for a defined period.
In the Access token endpoint field, enter the access token URL you want to connect
from the API guide of the application.
Calls to this endpoint produce an access token that you can use to access protected
resources in the external application for a defined period.
In the Revoke token endpoint field, enter the revoke token URL you want to connect
from the API guide of the application.
Calls to this endpoint revoke the current access tokens for your application.
In the Client authentication scheme section, select how to send the client
credentials:
To send the client credentials (client ID and client secret) to the external
application as a part of the authorization header, select Basic.
To send the client credentials in the body of the POST request, select POST.
In the Send access token as section, select how to send the access token to the
external application:
To allow applications, such as mobile apps, to use third-party tokens to
authenticate with a server, select Authorization header
To allow applications to authenticate requests when you want to express a request
entirely in a URL, select Query string parameter
In the Secure protocol configuration section, in the Lowest allowable SSL/TLS
version field, select the SSL or TLS protocol version that you want to use to
securely connect to the external application by using OAuth 2.0.
In the Security settings section, in the Truststore field, press the Down arrow key
to select a truststore, or click the Open icon to create a truststore.
The truststore contains the server certificate to use in the TLS/SSL handshake.
In the Security settings section, in the Keystore field, press the Down arrow key
to select a keystore, or click the Open icon to create a keystore.
The Pega Platform keystore stores the client's private and public key pair, which
the server uses to authenticate the client machine.
Click Save.