Grant types

An OAuth 2.0 provider data instance is an external application to which your application connects to negotiate a token that provides your application with access to an external application for a defined period.

The grant types that Pega Platform OAuth 2.0 providers support are client credentials, authorization code, and password credentials. You can use these grant types alone or in combination with each other.

Client credentials grant type

With the client credentials grant type, you obtain client credentials from the external application to which you want to connect. Your application can use these credentials to generate an access token. Use this grant type when the OAuth 2.0 consumer is an application and not an individual operator or user

Authorization code grant type

With the authorization code grant type, your application submits an authorization code request to the external application to which you want to connect. The authorization server of the external application validates the credentials in the request, and then authenticates with your user credentials to produce an authorization code. Your application then uses the code to generate an access token, which grants access to protected resources on the external application. Use this grant type when your application does not have a trusted relationship with the API provider. For example, you can connect to Facebook from your Pega Platform application to access your photos.

Password credentials grant type

With the password credentials grant type, your application exchanges your user credentials for an access token. Use this grant type when your application has a trusted relationship with the API provider or when the provider does not support other authorization grants.

You can ensure that your application securely accesses external REST service APIs by creating an OAuth 2.0 provider data instance. Each external application handles the OAuth 2.0 protocol in a unique way. For more information, see the API guide for your application.