
This documentation site is for previous versions. Visit our new documentation site for current releases.

OAuth 2.0 providers

Updated on March 15, 2022

The OAuth 2.0 protocol provides your application with secure authentication in open networks with external applications, such as Twitter, Facebook, and Google, over HTTPS. You define OAuth 2.0 provider data instances so that Pega Platform can access protected external resources by using access tokens.

Note: OAuth 2.0 provider instances are deprecated. As a best practice, use unified authentication profiles instead. OAuth 2.0 provider instances that were created prior to version 8.4 are backward compatible. For more information, see Configuring an OAuth 2.0 authentication profile.

Grant types

An OAuth 2.0 provider data instance represents an external application to which your application connects to negotiate a token. The token gives your application access to that external application for a defined period.

The grant types that Pega Platform OAuth 2.0 providers support are client credentials, authorization code, and password credentials. You can use these grant types alone or in combination with each other.

Client credentials grant type

With the client credentials grant type, you obtain client credentials from the external application to which you want to connect. Your application can use these credentials to generate an access token. Use this grant type when the OAuth 2.0 consumer is an application and not an individual operator or user.

Authorization code grant type

With the authorization code grant type, your application submits an authorization code request to the external application to which you want to connect. The authorization server of the external application validates the credentials in the request, and then authenticates with your user credentials to produce an authorization code. Your application then uses the code to generate an access token, which grants access to protected resources on the external application. Use this grant type when your application does not have a trusted relationship with the API provider. For example, you can connect to Facebook from your Pega Platform application to access your photos.

Password credentials grant type

With the password credentials grant type, your application exchanges your user credentials for an access token. Use this grant type when your application has a trusted relationship with the API provider or when the provider does not support other authorization grants.

You can ensure that your application securely accesses external REST service APIs by creating an OAuth 2.0 provider data instance. Each external application handles the OAuth 2.0 protocol in a unique way. For more information, see the API guide for your application.
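The following added example is not Pega Platform code. It shows the token-endpoint request that RFC 6749 defines for each of the three grant types above, with the HTTPS requirement enforced. The function name, endpoint URL, client ID, and credential values are constructed assumptions; check your provider's API guide for its exact parameters.

```python
import base64
from urllib.parse import quote_plus, urlencode, urlsplit

# Extra body parameters RFC 6749 requires for each grant type the page lists.
REQUIRED = {
    "client_credentials": (),
    "authorization_code": ("code", "redirect_uri"),
    "password": ("username", "password"),
}


def build_token_request(token_url, client_id, client_secret, grant_type, **params):
    """Return (url, headers, body) for the POST to the provider's token endpoint."""
    # Credentials and tokens must only travel over TLS.
    if urlsplit(token_url).scheme != "https":
        raise ValueError("token endpoint must use HTTPS")
    if grant_type not in REQUIRED:
        raise ValueError(f"unsupported grant type: {grant_type}")
    missing = [p for p in REQUIRED[grant_type] if not params.get(p)]
    if missing:
        raise ValueError(f"{grant_type} requires: {', '.join(missing)}")
    # HTTP Basic client authentication (RFC 6749 section 2.3.1) keeps the
    # client secret out of the request body and out of any URL.
    pair = f"{quote_plus(client_id)}:{quote_plus(client_secret)}"
    headers = {
        "Authorization": "Basic " + base64.b64encode(pair.encode()).decode(),
        "Content-Type": "application/x-www-form-urlencoded",
    }
    return token_url, headers, urlencode({"grant_type": grant_type, **params})


if __name__ == "__main__":
    URL = "https://auth.example.com/oauth/token"  # constructed placeholder
    samples = [  # all values below are constructed for illustration
        ("client_credentials", {"scope": "read"}),
        ("authorization_code", {"code": "abc123", "redirect_uri": "https://app.example.com/cb"}),
        ("password", {"username": "operator1", "password": "constructed-pw"}),
    ]
    for grant, extra in samples:
        _, _, body = build_token_request(URL, "my-client", "constructed-secret", grant, **extra)
        print(body)
```

Only the password grant places user credentials in the request your application sends, which is why it is reserved for providers with which the application has a trusted relationship.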
