Dynamic System Settings for OAuth 2.0 authentication with Pega Mobile Client

When you configure user authentication with OAuth 2.0 tokens for Pega Mobile Client, you must create several Dynamic System Settings to enable authentication.

The following table lists the required settings and explains their meaning:

| Setting name | Scope | Description |
|---|---|---|
| OAuth2/token_endpoint | Pega-AppDefinition | The URL of the token endpoint that conforms to the OAuth 2.0 protocol. This endpoint is exposed by the authentication server. Pega Mobile Client connects to this endpoint to authorize users who are attempting to access Pega Platform. |
| OAuth2/userinfo_url | Pega-AppDefinition | The URL of the userinfo endpoint that conforms to the OpenID Connect 1.0 protocol. This endpoint is exposed by the authentication server. Pega Platform connects to this endpoint to obtain basic information about its users. |
| OAuth2/client_secret | Pega-AppDefinition | A secret value that is shared between Pega Mobile Client and the authentication server. The value of this setting must match the corresponding value configured in the authentication server. |
| OAuth2/client_id | Pega-AppDefinition | The identifier of Pega Mobile Client in the authentication server. The value of this setting must match the corresponding value configured in the authentication server. |
| OAuth2/scope | Pega-AppDefinition | The space-separated list of permissions that users must have in order to access Pega Platform. Because Pega Platform needs to determine the identities and email addresses of users, the list must include the "email" and "profile" scopes. Therefore, the minimal valid setting is email profile. |
| OAuth2/grant_type | Pega-AppDefinition | The type of OAuth 2.0 flow that is used to obtain access tokens. It must be set to password. |
| authentication_type | Pega-AppDefinition | A setting that notifies Pega Platform whether to authenticate mobile users based on user credentials or OAuth 2.0 tokens. To use OAuth 2.0 token-based authentication, set the value to oauth2. To use credentials-based authentication, set the value to basic or leave it blank. |
| authentication/maxLoginAttemptsCount | Pega-Engine | This setting is used for handling OAuth 2.0 server connectivity problems. Set the value to the number of failed attempts to connect to the userinfo endpoint of the OAuth 2.0 server that can occur before Pega Platform returns an internal server error. |
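
The following sketch checks a set of these values against the rules in the table and builds the token request that the password grant type implies under RFC 6749, section 4.3. It is an added example, not Pega code; the function names, the sample values and the use of HTTP Basic for the client credentials are assumptions.

```python
import base64
from urllib.parse import quote, urlencode, urlsplit

REQUIRED = ("OAuth2/token_endpoint", "OAuth2/userinfo_url", "OAuth2/client_secret",
            "OAuth2/client_id", "OAuth2/scope", "OAuth2/grant_type")

def validate_settings(settings):
    """Return a list of problems in a dict of setting name -> value (per the table)."""
    s = {k: str(v).strip() for k, v in settings.items()}
    problems = []
    auth_type = s.get("authentication_type", "")
    if auth_type not in ("oauth2", "basic", ""):
        problems.append("authentication_type must be oauth2, basic or blank")
    if auth_type != "oauth2":
        return problems  # credentials-based login: OAuth2/* values are not checked
    problems += [f"{n} is missing or empty" for n in REQUIRED if not s.get(n)]
    for n in ("OAuth2/token_endpoint", "OAuth2/userinfo_url"):
        url = urlsplit(s.get(n, ""))
        if s.get(n) and not (url.scheme in ("http", "https") and url.netloc):
            problems.append(f"{n} is not an absolute URL")
    missing = {"email", "profile"} - set(s.get("OAuth2/scope", "").split())
    if s.get("OAuth2/scope") and missing:
        problems.append("OAuth2/scope lacks: " + " ".join(sorted(missing)))
    if s.get("OAuth2/grant_type") and s["OAuth2/grant_type"] != "password":
        problems.append("OAuth2/grant_type must be password")
    if not s.get("authentication/maxLoginAttemptsCount", "").isdigit():
        problems.append("authentication/maxLoginAttemptsCount must be a number")
    return problems

def build_token_request(s, username, password):
    """Build (url, headers, body) for an RFC 6749 section 4.3 token request (not sent)."""
    # Assumption: client credentials go in HTTP Basic, as RFC 6749 section 2.3.1 allows.
    pair = ":".join(quote(s[k], safe="") for k in ("OAuth2/client_id", "OAuth2/client_secret"))
    headers = {"Authorization": "Basic " + base64.b64encode(pair.encode()).decode(),
               "Content-Type": "application/x-www-form-urlencoded"}
    body = urlencode({"grant_type": s["OAuth2/grant_type"], "username": username,
                      "password": password, "scope": s["OAuth2/scope"]})
    return s["OAuth2/token_endpoint"], headers, body

# Constructed sample values; the host, client id and secret are placeholders.
SAMPLE = {
    "authentication_type": "oauth2",
    "OAuth2/token_endpoint": "https://idp.example.com/oauth2/token",
    "OAuth2/userinfo_url": "https://idp.example.com/oauth2/userinfo",
    "OAuth2/client_id": "pega-mobile",
    "OAuth2/client_secret": "example-secret",
    "OAuth2/scope": "email profile",
    "OAuth2/grant_type": "password",
    "authentication/maxLoginAttemptsCount": "3",
}
```

With the password grant the user's credentials travel in the request body alongside the shared client secret, so the token endpoint URL is the value to review most carefully.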