Authorized access token (AAT) is now the default token format used in Pega Platform for OAuth 2.0 access tokens. AAT replaced the previously used opaque tokens.
Authorized access tokens
AATs are self-contained, compact, and digitally signed to be tamperproof.
Pega Platform manages AATs with autogenerated claims and a built-in key rotation strategy. Pega Platform uses JSON Web tokens (JWT) and JSON Web Signature (JWS) standards for managing authorized access tokens.
The following image shows a sample AAT with information on what each part of the token contains:
- Enhanced refresh token strategy
You now have more precise control over your refresh token expiration strategy. When an OAuth 2.0 client application requests a new access token using the refresh token grant type, the Pega Platform response includes the new access token as well as the refresh token. In the Token Management section, you choose the refresh token issuance mechanism and the expiration of various tokens issued by Pega Platform.
- Understanding dynamic client registration
Use dynamic client registration (DCR) to dynamically register trusted third-party applications as OAuth 2.0 clients with Pega Platform. DCR create OAuth 2.0 clients for you, using Pega Platform defaults