About OAuth 2.0 Client Registration data instances
OAuth is a standard framework that enables secure, delegated access to services via HTTPS. OAuth 2.0 is the next evolution of the OAuth protocol. There are several grant types in the OAuth 2.0 specification.
The Pega 7 Platform can act as an OAuth 2.0 provider to protect your REST services by using the client credentials grant type. In this grant type, an external client (consumer) that supports OAuth 2.0 registers with the service provider that hosts your data and obtains an access token. The client can use the token to access private resources in the Pega 7 Platform for a defined period of time.
Note: The Pega 7 Platform does not support the optional scope parameter that is a part of the OAuth 2.0 specification. The default access group for the OAuth 2.0 operator is the default scope.
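The client side of this grant, as an added example that is not Pega code: it builds the token request without a scope parameter, validates the response, and tracks the token's lifetime. The endpoint URL, credentials, function names, and the use of HTTP Basic authentication for the client credentials (RFC 6749 section 2.3.1) are assumptions, and the sample response is constructed.

```python
import base64
import json
import time
import urllib.parse
import urllib.request

# Assumption: placeholder endpoint; the page does not give the token URL.
TOKEN_URL = "https://pega.example.invalid/TOKEN-ENDPOINT-PLACEHOLDER"

def build_token_request(token_url, client_id, client_secret):
    """Build (not send) an RFC 6749 section 4.4 client credentials request."""
    if urllib.parse.urlsplit(token_url).scheme != "https":
        raise ValueError("token endpoint must be HTTPS; the secret is sent in the request")
    # Assumption: credentials go in HTTP Basic, form-encoded first (RFC 6749 section 2.3.1).
    pair = f"{urllib.parse.quote_plus(client_id)}:{urllib.parse.quote_plus(client_secret)}"
    headers = {
        "Authorization": "Basic " + base64.b64encode(pair.encode()).decode(),
        "Content-Type": "application/x-www-form-urlencoded",
    }
    # No "scope" parameter: the platform does not support it (see the note above).
    body = urllib.parse.urlencode({"grant_type": "client_credentials"}).encode()
    return urllib.request.Request(token_url, data=body, headers=headers, method="POST")

def parse_token_response(raw_json, now=None):
    """Validate a token response and record when the token stops being valid."""
    data = json.loads(raw_json)
    if "error" in data:
        raise RuntimeError(f"token request refused: {data['error']}")
    if str(data.get("token_type", "")).lower() != "bearer":
        raise ValueError("unexpected token_type")
    now = time.time() if now is None else now
    # expires_in is optional in the RFC; a missing value is treated as already expired.
    return {"access_token": data["access_token"],
            "expires_at": now + int(data.get("expires_in", 0))}

def is_usable(token, now=None, skew=30):
    """True while the token has more than `skew` seconds of lifetime left."""
    now = time.time() if now is None else now
    return now < token["expires_at"] - skew

def bearer_request(url, token):
    """Attach the access token to a call to a protected REST service."""
    return urllib.request.Request(url, headers={"Authorization": "Bearer " + token["access_token"]})

if __name__ == "__main__":
    # Constructed sample response, not captured from a real system.
    sample = '{"access_token": "SAMPLE-TOKEN", "token_type": "bearer", "expires_in": 3600}'
    token = parse_token_response(sample, now=1000)
    print(build_token_request(TOKEN_URL, "CLIENT-ID", "CLIENT-SECRET").get_method(), is_usable(token, now=1000))
```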
Create an OAuth 2.0 Client Registration data instance as part of the process to allow external applications such as Twitter, Facebook, and Google to securely access your REST services, without storing or disclosing individual users' names and passwords.
If you want to use OAuth 2.0 to protect your REST services, select OAuth 2.0 as the Authentication type in the service package to which the REST services belong. For more information, see Service Package form - Completing the Context tab.
Note: Use OAuth 2.0 to protect the REST services for which the consumer is an application and not an individual user. For example, if an insurance company wants to create new claims adjustment cases, the insurance application can make Pega API REST calls to create the cases. If the Pega API REST services are protected by OAuth 2.0, the client application developer registers the client and uses an access token to make Pega API REST calls. The Pega 7 Platform authorizes the application by using the operator that is tied to the client during registration, and not the operator that is tied to the developer.
Activities that validate tokens from external clients that want to connect to your application, and allow the clients to access your protected resources.
Use the Records Explorer to see all the OAuth 2.0 Client Registration data instances in your system.
The Data-Admin-Security-OAuth2-RegisteredApplication class contains OAuth 2.0 Client Registration data instances. They are part of the Security category.