Custom parameters for direct authentication against an external OIDC server
Learn about the parameters to define when you configure direct authentication against an external OpenID Connect (OIDC) server for mobile apps that are based on Pega Infinity Mobile Client.
You register your app with the external identity provider and obtain a set of parameters. You also configure the Pega Platform client registration service and obtain another set of parameters. Then you upload both sets to Pega Platform before you build the mobile app executable files.
The following tables list the available parameters.
Parameter | Description |
---|---|
 | An identifier of the mobile app in the OIDC authentication server. |
container.authentication.oauth2.clientSecret | A secret value that is shared between Pega Infinity Mobile Client and the authentication server. If you perform a public OAuth registration, set this parameter to <null>. |
container.authentication.oauth2.grantType | A type of OIDC flow that is used to obtain access tokens. Set this parameter to authorization_code. |
container.authentication.oauth2.scope | A space-separated list of permissions that are required to access Pega Platform. The minimal valid setting of this parameter is openid email profile. |
container.authentication.oauth2.tokenEndpoint | A URL address of the token endpoint that conforms to the OAuth 2.0 protocol. This endpoint is exposed by the authentication server. Pega Infinity Mobile Client connects to this endpoint to authorize users. |
container.authentication.oauth2.authorizationEndpoint | A URL address of the authorization endpoint that conforms to the OAuth 2.0 protocol. Pega Infinity Mobile Client connects to this endpoint to obtain authorization from the resource owner. |
container.authentication.oauth2.redirectUri | A URL address of the endpoint to which Pega Infinity Mobile Client connects to obtain an authorization code which can be exchanged for the access token. The setting is required for the authorization code grant type. |
container.authentication.oauth2.userInfoEndpoint | A URL address of the authorization endpoint that conforms to the OAuth 2.0 protocol. Pega Infinity Mobile Client connects to this endpoint to obtain information about the authenticated user. |
container.authentication.oauth2.tokenRevocationEndpoint | A URL address of the authorization endpoint that conforms to the OAuth 2.0 protocol. Pega Infinity Mobile Client connects to this endpoint to revoke access or to refresh the token. |

Setting name | Description |
---|---|
container.authentication.type | An authentication flow for Pega Platform to use. Set this parameter to oauth2. |
container.authentication.oauth2.jwtBearer.clientId | A client identifier in Pega Platform. |
container.authentication.oauth2.jwtBearer.clientSecret | A secret value that is shared between Pega Mobile Client and Pega Platform. |
container.authentication.oauth2.jwtBearer.tokenEndpoint | A URL address of the token endpoint that conforms to the OAuth 2.0 protocol. Pega Infinity Mobile Client connects to this endpoint to authorize users who are attempting to access Pega Platform. |
container.authentication.oauth2.jwtBearer.tokenRevocationEndpoint | A URL address of the authorization endpoint that conforms to the OAuth 2.0 protocol. Pega Infinity Mobile Client connects to this endpoint to revoke access or to refresh the token. |
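
A pre-upload check of the fixed values that the tables require, written as an added example that is not Pega code. It assumes the parameters are available as a key-value mapping. The host names and the redirect URI are constructed samples, and the HTTPS check is an added hardening check that the tables do not state.

```python
from urllib.parse import urlsplit

P = "container.authentication.oauth2."
REQUIRED_SCOPES = {"openid", "email", "profile"}  # minimal valid scope per the table
ENDPOINT_KEYS = [
    P + "tokenEndpoint", P + "authorizationEndpoint", P + "userInfoEndpoint",
    P + "tokenRevocationEndpoint", P + "jwtBearer.tokenEndpoint",
    P + "jwtBearer.tokenRevocationEndpoint",
]

def check_parameters(params):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    if params.get("container.authentication.type") != "oauth2":
        findings.append("container.authentication.type must be oauth2")
    if params.get(P + "grantType") != "authorization_code":
        findings.append("grantType must be authorization_code")
    missing = REQUIRED_SCOPES - set(str(params.get(P + "scope", "")).split())
    if missing:
        findings.append("scope is missing: " + " ".join(sorted(missing)))
    if not params.get(P + "redirectUri"):
        findings.append("redirectUri is required for the authorization code grant")
    for key in ENDPOINT_KEYS:
        url = urlsplit(str(params.get(key, "")))
        # Added check (not stated in the tables): tokens and secrets cross these
        # endpoints, so each must be an absolute https URL.
        if url.scheme != "https" or not url.netloc:
            findings.append(key + " is not an absolute https URL")
    return findings

# Constructed sample holding only the keys that the checks read.
GOOD = {
    "container.authentication.type": "oauth2",
    P + "grantType": "authorization_code",
    P + "scope": "openid email profile",
    P + "redirectUri": "com.example.app://oauth2redirect",
    P + "tokenEndpoint": "https://idp.example/oauth2/token",
    P + "authorizationEndpoint": "https://idp.example/oauth2/authorize",
    P + "userInfoEndpoint": "https://idp.example/oauth2/userinfo",
    P + "tokenRevocationEndpoint": "https://idp.example/oauth2/revoke",
    P + "jwtBearer.tokenEndpoint": "https://pega.example/prweb/oauth2/token",
    P + "jwtBearer.tokenRevocationEndpoint": "https://pega.example/prweb/oauth2/revoke",
}
# Constructed misconfiguration: wrong grant, short scope, cleartext token endpoint.
BAD = dict(GOOD, **{P + "grantType": "password", P + "scope": "openid",
                    P + "tokenEndpoint": "http://idp.example/oauth2/token"})

if __name__ == "__main__":
    for finding in check_parameters(BAD):
        print(finding)
```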