Creating and configuring an OAuth 2.0 provider data instance
Create an OAuth 2.0 provider data instance to enable your application to securely access an external application over HTTPS.
Note: OAuth 2.0 provider instances are deprecated. OAuth 2.0 provider instances that were
created prior to version 8.4 are backward compatible. As a best practice, use unified
authentication profiles instead. For more information, see Configuring an OAuth 2.0 authentication profile.
- In the header of Dev Studio, click Create > Security > OAuth 2.0 Provider.
- Enter a name and short description for your OAuth 2.0 provider data instance.
  Begin the name with a letter, and use only alphanumeric characters.
- Click Create and open.
- In the Grant types section, select one or more grant types that define how to request an access token:
  - To configure your application to obtain client credentials from the authorization service, select Client credentials.
  - To configure your application to submit an authorization code request to the external application to which you want to connect, select Authorization code.
  - To configure your application to exchange your user credentials for an access token, select Password credentials.
- In the Authorization code endpoint field, enter the authorization code endpoint URL from the API guide of the application to which you want to connect.
  Calls to this endpoint produce an access token that you can use to access protected resources in the external application for a defined period.
- In the Access token endpoint field, enter the access token URL from the API guide of the application to which you want to connect.
  Calls to this endpoint produce an access token that you can use to access protected resources in the external application for a defined period.
- In the Revoke token endpoint field, enter the revoke token URL from the API guide of the application to which you want to connect.
  Calls to this endpoint revoke the current access tokens for your application.
- In the Client authentication scheme section, select how to send the client credentials:
  - To send the client credentials (client ID and client secret) to the external application as a part of the authorization header, select Basic.
  - To send the client credentials in the body of the POST request, select POST.
- In the Send access token as section, select how to send the access token to the external application:
  - To allow applications, such as mobile apps, to use third-party tokens to authenticate with a server, select Authorization header.
  - To allow applications to authenticate requests when you want to express a request entirely in a URL, select Query string parameter.
- In the Secure protocol configuration section, in the Lowest allowable SSL/TLS version field, select the SSL or TLS protocol version that you want to use to securely connect to the external application by using OAuth 2.0.
- In the Security settings section, in the Truststore field, press the Down arrow key to select a truststore, or click the Open icon to create a truststore.
  The truststore contains the server certificate to use in the TLS/SSL handshake.
- In the Security settings section, in the Keystore field, press the Down arrow key to select a keystore, or click the Open icon to create a keystore.
  The keystore stores the Pega Platform client's private/public key pair that the server uses to authenticate the client.
- Click Save.
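
What the Client authentication scheme and Send access token as choices look like on the wire, as an added Python example that is not Pega Platform code. The URLs, credentials, function names, and the Bearer token type are assumptions made for illustration.

```python
import base64
from urllib.parse import parse_qsl, quote_plus, urlencode, urlsplit, urlunsplit


def require_https(url):
    # The provider instance connects over HTTPS; refuse anything else.
    if urlsplit(url).scheme != "https":
        raise ValueError(f"endpoint must use HTTPS: {url}")


def build_token_request(token_endpoint, client_id, client_secret, scheme):
    """Return (headers, body) for a client credentials token request."""
    require_https(token_endpoint)
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    form = {"grant_type": "client_credentials"}
    if scheme == "basic":
        # Basic: form-encode the ID and secret, join with ":", Base64 the pair
        # (RFC 6749 section 2.3.1). Credentials stay out of the request body.
        pair = f"{quote_plus(client_id)}:{quote_plus(client_secret)}"
        headers["Authorization"] = "Basic " + base64.b64encode(pair.encode()).decode()
    elif scheme == "post":
        # POST: the same credentials travel as form fields in the body.
        form.update(client_id=client_id, client_secret=client_secret)
    else:
        raise ValueError(f"unknown client authentication scheme: {scheme}")
    return headers, urlencode(form)


def attach_access_token(resource_url, access_token, send_as):
    """Return (url, headers) for a request to a protected resource."""
    require_https(resource_url)
    if send_as == "header":
        # Assumption: the token endpoint issued a Bearer token (RFC 6750).
        return resource_url, {"Authorization": f"Bearer {access_token}"}
    if send_as == "query":
        # The token becomes part of the URL, so it is recorded wherever URLs
        # are (proxy and server logs, browser history); RFC 6750 section 2.3
        # treats this as a last resort.
        parts = urlsplit(resource_url)
        query = parse_qsl(parts.query, keep_blank_values=True)
        query.append(("access_token", access_token))
        return urlunsplit(parts._replace(query=urlencode(query))), {}
    raise ValueError(f"unknown send-as mode: {send_as}")


if __name__ == "__main__":
    # Constructed sample values, not real endpoints or credentials.
    print(build_token_request("https://idp.example.com/token", "demo-client", "s3cr3t", "basic"))
    print(attach_access_token("https://api.example.com/v1/items?page=2", "tok123", "query"))
```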