Configuring an OAuth 2.0 Client Registration data instance

Complete the Client Information tab to store the data of an external client that you want to connect to your Pega Platform application by using the client credentials grant type in OAuth 2.0.

Client credentials

This section contains the credentials that are generated when you register the client.

Field Description
Client ID Unique ID that is assigned to the client.
Client secret Password that is assigned to the client.
Access token endpoint The request URL that you can access to receive an access token for the client as a response after authentication. Your REST service authenticates the client by using the client ID and client secret.
Token revocation endpoint The request URL that you can access. After authentication, you can revoke an already issued access token for the client. When the token is revoked, the system returns an HTTP status code 200 as a response, and all subsequent requests that the client sends by using the token result in an error.
  • To see the client secret, click View and Download, and then click Download Credentials in the Copy Client Secret dialog box to save the client credentials in a .txt file.

  • To generate a new password for the client, click Regenerate Client secret. When you click this button, the system revokes any active access token that was issued for the client.
  • To revoke all the access tokens for the client, click Revoke access token.

Grant types

In this section, you select the grant types that you want to support.

Field Description
Client Credentials Select this check box to choose an operator that your application uses to authorize the OAuth 2.0 client. Then enter the following:
  • Operator ID – Unique ID that is assigned to the operator.
    CAUTION:
    This operator must not represent a human user who can log in to the system. The operator must be reserved for an OAuth 2.0 client that wants to access resources in Pega Platform. You can modify the scope of the operator's access group to allow the client to access selective resources in Pega Platform.
Password credentials Select this check box to choose to use user credentials to authorize the OAuth 2.0 client. Then enter the following:
  • Identity mapping – Validates the operator credentials and converts them to the OAuth 2.0 access token.
  • Use refresh token – Select this check box to use a refresh token to obtain a new access token when your previous access token has expired.
SAML bearer Select this check box to use a SAML assertion to authorize the OAuth 2.0 client in your application. Then enter the following:
  • Identity mapping – Extracts the information from the SAML assertion and converts it to the OAuth 2.0 access token.
JWT bearer Select this check box to use a JSON Web Token assertion to authorize the OAuth 2.0 client. Then enter the following:
  • Identity mapping – Extracts the information from the JSON Web Token assertion and converts it to the OAuth 2.0 access token.

Token life time

Field Description
Access token lifetime (in seconds) Enter the time period in seconds during which an access token is valid for the user. The default value is 3600 seconds.
Refresh token lifetime (in seconds) Enter the time period in seconds during which a refresh token is valid for the user. The default value is 86400 seconds.