Skip to main content


         This documentation site is for previous versions. Visit our new documentation site for current releases.      
 

Custom parameters for direct authentication against an external OIDC server

Updated on March 3, 2022

Learn about the parameters to define when you configure direct authentication against an external OpenID Connect (OIDC) server for mobile apps that are based on Pega Infinity Mobile Client.

For the configuration procedure, see Configuring direct authentication against an external OIDC server for Pega Infinity Mobile Client.

The following tables list the available parameters.

Parameters that you obtain from the external OIDC server

ParameterDescription
container.authentication.oauth2.clientIdAn identifier of the mobile app in the OIDC authentication server.
container.authentication.oauth2.clientSecretA secret value that is shared between Pega Mobile Client and the authentication server. If you perform a public OAuth registration, set this parameter to <null>.
container.authentication.oauth2.grantTypeA type of OIDC flow that is used to obtain access tokens. Set this parameter to authorization_code.
container.authentication.oauth2.scopeA space-separated list of permissions that are required to access Pega Platform. The minimal valid setting of this parameter is openid email profile.
container.authentication.oauth2.tokenEndpointA URL address of the token endpoint that conforms to the OAuth 2.0 protocol. This endpoint is exposed by the authentication server. Pega Mobile Client connects to this endpoint to authorize users.
container.authentication.oauth2.authorizationEndpointA URL address of the authorization endpoint that conforms to the OAuth 2.0 protocol. Pega Mobile Client connects to this endpoint to obtain authorization from the resource owner.
container.authentication.oauth2.redirectUriA URL address of the endpoint to which Pega Mobile Client connects to obtain an authorization code which can be exchanged for the access token. The setting is required for the authorization code grant type.
container.authentication.oauth2.userInfoEndpointA URL address of the authorization endpoint that conforms to the OAuth 2.0 protocol. Pega Mobile Client connects to this endpoint to obtain information about the authenticated user.
container.authentication.oauth2.tokenRevocationEndpointA URL address of the authorization endpoint that conforms to the OAuth 2.0 protocol. Pega Mobile Client connects to this endpoint to revoke access or to refresh the token.

Parameters that you obtain after you create the client registration service rule

Setting nameDescription
container.authentication.typeAn authentication flow for Pega Platform to use. Set this parameter to oauth2.
container.authentication.oauth2.jwtBearer.clientIdA client identifier in Pega Platform.
container.authentication.oauth2.jwtBearer.clientSecretA secret value that is shared between the mobile client and Pega Platform.
container.authentication.oauth2.jwtBearer.tokenEndpointA URL address of the token endpoint that conforms to the OAuth 2.0 protocol. Pega Infinity Mobile Client connects to this endpoint to authorize users who are attempting to access Pega Platform.
container.authentication.oauth2.jwtBearer.tokenRevocationEndpointA URL address of the authorization endpoint that conforms to the OAuth 2.0 protocol. Pega Mobile Client connects to this endpoint to revoke access or to refresh the token.
  • Previous topic Configuring direct authentication against an external OIDC server for Pega Infinity Mobile Client
  • Next topic Configuring the client registration for Pega Mobile Client authentication against an external OIDC server

Have a question? Get answers now.

Visit the Support Center to ask questions, engage in discussions, share ideas, and help others.

Did you find this content helpful?

Want to help us improve this content?

We'd prefer it if you saw us at our best.

Pega.com is not optimized for Internet Explorer. For the optimal experience, please use:

Close Deprecation Notice
Contact us