Custom parameters for direct authentication against an external OIDC server

Learn about the parameters to define when you configure direct authentication against an external OpenID Connect (OIDC) server for mobile apps that are based on Pega Infinity Mobile Client.

For the configuration procedure, see Configuring direct authentication against an external OIDC server for Pega Infinity Mobile Client.

The following tables list the available parameters.

Parameters that you obtain from the external OIDC server
Parameter Description
container.authentication.oauth2.clientId An identifier of the mobile app in the OIDC authentication server.
container.authentication.oauth2.clientSecret A secret value that is shared between Pega Infinity Mobile Client and the authentication server. If you perform a public OAuth registration, set this parameter to <null>.
container.authentication.oauth2.grantType A type of OIDC flow that is used to obtain access tokens. Set this parameter to authorization_code.
container.authentication.oauth2.scope A space-separated list of permissions that are required to access Pega Platform. The minimal valid setting of this parameter is openid email profile.
container.authentication.oauth2.tokenEndpoint A URL address of the token endpoint that conforms to the OAuth 2.0 protocol. This endpoint is exposed by the authentication server. Pega Infinity Mobile Client connects to this endpoint to authorize users.
container.authentication.oauth2.authorizationEndpoint A URL address of the authorization endpoint that conforms to the OAuth 2.0 protocol. Pega Infinity Mobile Client connects to this endpoint to obtain authorization from the resource owner.
container.authentication.oauth2.redirectUri A URL address of the endpoint to which Pega Infinity Mobile Client connects to obtain an authorization code which can be exchanged for the access token. The setting is required for the authorization code grant type.
container.authentication.oauth2.userInfoEndpoint A URL address of the authorization endpoint that conforms to the OAuth 2.0 protocol. Pega Infinity Mobile Client connects to this endpoint to obtain information about the authenticated user.
container.authentication.oauth2.tokenRevocationEndpoint A URL address of the authorization endpoint that conforms to the OAuth 2.0 protocol. Pega Infinity Mobile Client connects to this endpoint to revoke access or to refresh the token.
Parameters that you obtain after you create the client registration service rule
Setting name Description
container.authentication.type An authentication flow for Pega Platform to use. Set this parameter to oauth2.
container.authentication.oauth2.jwtBearer.clientId A client identifier in Pega Platform.
container.authentication.oauth2.jwtBearer.clientSecret A secret value that is shared between Pega Mobile Client and Pega Platform.
container.authentication.oauth2.jwtBearer.tokenEndpoint A URL address of the token endpoint that conforms to the OAuth 2.0 protocol. Pega Infinity Mobile Client connects to this endpoint to authorize users who are attempting to access Pega Platform.
container.authentication.oauth2.jwtBearer.tokenRevocationEndpoint A URL address of the authorization endpoint that conforms to the OAuth 2.0 protocol. Pega Infinity Mobile Client connects to this endpoint to revoke access or to refresh the token.