The OAuth 2.0 protocol allows mobile native applications and external applications such as Facebook and Google to communicate securely with Pega Platform over HTTPS. You define OAuth 2.0 client registration data instances to allow external applications to access Pega Platform REST services by using access tokens.
An OAuth 2.0 client data instance is an external application that requests access to Pega Platform. When Pega Platform and the client use OAuth 2.0, they negotiate a token that allows the client to access Pega Platform for a defined period.
The grant types supported by Pega Platform OAuth 2.0 clients are authorization code, client credentials, password credentials, Security Assertion Markup Language (SAML) bearer assertion, and JSON Web Tokens (JWT) bearer assertion. You can use these grant types alone or in combination with each other.