Custom parameters for OAuth 2.0 ROPC authentication for custom mobile apps

When you configure user authentication with OAuth 2.0 tokens, using the Resource Owner Password Credentials (ROPC) authentication flow, you define several custom parameters to enable authentication.

The following table lists required settings and explains their meaning:
| Setting name | Description |
| --- | --- |
| container.authentication.oauth2.authorizationEndpoint | The URL of the authorization endpoint that conforms to the OAuth 2.0 protocol. Pega Mobile Client connects to this endpoint to obtain authorization from the resource owner through user-agent redirection. The setting is required for "Authorization Code" grant type. |
| container.authentication.oauth2.clientId | The identifier of Pega Mobile Client in the authentication server. The value of this setting must match the corresponding value configured in the authentication server. |
| container.authentication.oauth2.clientSecret | A secret value that is shared between Pega Mobile Client and the authentication server. The value of this setting must match the corresponding value configured in the authentication server. |
| container.authentication.oauth2.grantType | The type of OAuth 2.0 flow that is used to obtain access tokens. It must be set to password. |
| container.authentication.oauth2.scope | The space-separated list of permissions that users must have in order to access Pega Platform. Because Pega Platform needs to determine the identities and email addresses of users, the list must include "email" and "profile" scopes. Therefore, the minimal valid setting is email profile. |
| container.authentication.oauth2.tokenEndpoint | The URL of the token endpoint that conforms to the OAuth 2.0 protocol. This endpoint is exposed by the authentication server. Pega Mobile Client connects to this endpoint to authorize users who are attempting to access Pega Platform. |
| container.authentication.oauth2.redirectUri | The URI of the endpoint that Pega Mobile Client connects to in order to obtain an authorization code, which can be exchanged for an access token. The setting is required for "Authorization Code" grant type. |
| container.authentication.oauth2.userInfoEndpoint | The URL of the authorization endpoint that conforms to the OAuth 2.0 protocol. Pega Mobile Client connects to this endpoint to obtain information about the authenticated user. The setting is required for "Authorization Code" grant type. |
| container.authentication.oauth2.tokenRevocationEndpoint | The URL of the authorization endpoint that conforms to the OAuth 2.0 protocol. Pega Mobile Client connects to this endpoint to revoke access or refresh the token. Optional. |
| container.authentication.oauth2.service | The name of the authentication service configured on a Pega Platform server. Optional. |
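
The following added example (not Pega code) checks a set of these custom parameters against the rules in the table and builds the password-grant token request that RFC 6749 section 4.3.2 defines. Assumptions: the five settings treated as mandatory for ROPC, the https-only endpoint check, sending the client credentials with HTTP Basic (RFC 6749 section 2.3.1), the function names, and all sample values are illustrative and not taken from Pega documentation.

```python
import base64
from urllib.parse import quote_plus, urlencode, urlsplit

PREFIX = "container.authentication.oauth2."
# Assumption: mandatory for ROPC = rows not marked Optional or Authorization Code only.
REQUIRED = ("clientId", "clientSecret", "grantType", "scope", "tokenEndpoint")

def check_ropc_settings(params):
    """Return a list of problems found in a dict of custom parameters."""
    cfg = {k[len(PREFIX):]: v.strip() for k, v in params.items() if k.startswith(PREFIX)}
    problems = [f"missing {PREFIX}{name}" for name in REQUIRED if not cfg.get(name)]
    if cfg.get("grantType") and cfg["grantType"] != "password":
        problems.append("grantType must be set to password")
    lacking = {"email", "profile"} - set(cfg.get("scope", "").split())
    if cfg.get("scope") and lacking:
        problems.append("scope lacks: " + " ".join(sorted(lacking)))
    for name in ("tokenEndpoint", "tokenRevocationEndpoint"):
        parts = urlsplit(cfg.get(name, ""))
        # Assumption (hardening, not stated on the page): endpoints must be https.
        if cfg.get(name) and (parts.scheme != "https" or not parts.netloc):
            problems.append(f"{name} is not an absolute https URL")
    return problems

def build_token_request(params, username, password):
    """Return (url, headers, body) for an RFC 6749 section 4.3.2 token request."""
    cid, secret = (quote_plus(params[PREFIX + n]) for n in ("clientId", "clientSecret"))
    basic = base64.b64encode(f"{cid}:{secret}".encode()).decode()
    body = urlencode({"grant_type": "password", "username": username,
                      "password": password, "scope": params[PREFIX + "scope"]})
    headers = {"Authorization": "Basic " + basic,
               "Content-Type": "application/x-www-form-urlencoded"}
    return params[PREFIX + "tokenEndpoint"], headers, body

# Constructed sample values; idp.example.com is a placeholder host.
SAMPLE = {
    PREFIX + "clientId": "mobile-client",
    PREFIX + "clientSecret": "s3cret",
    PREFIX + "grantType": "password",
    PREFIX + "scope": "email profile",
    PREFIX + "tokenEndpoint": "https://idp.example.com/oauth2/token",
}

if __name__ == "__main__":
    print(check_ropc_settings(SAMPLE) or "settings look consistent")
    print(build_token_request(SAMPLE, "alice", "constructed-password"))
```

Because the request body carries the user's password and the header carries the client secret, the token endpoint check rejects anything other than an absolute https URL.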