When you configure user authentication with OAuth 2.0 tokens, using the Resource Owner
Password Credentials (ROPC) authentication flow, you must create a custom authentication service
to enable authentication. The Pega Platform installation includes predefined
authentication services, such as WebLDAP1, that you can modify to test
authentication.
Authentication services are instances of the Data-Admin-AuthService class. They belong
to the SysAdmin category. To edit authentication service settings to enable authentication,
you must have the pzCanCreateAuthService privilege.
- Create an authentication service.
- In the Type list, select Custom.
- In the Name field, enter the name of an authentication service, for example WebLDAP_OAuth2.
- In the Short description field, enter your name for the servlet that is exposed by the service, for example WebLDAP_OAuth2/prweb/PRWebLDAP_OAuth2.
- Click Create and open.
- On the Service tab, in the Authentication activity and the Timeout activity fields, enter pyPerformDelegatedAuthentication.
- On the Custom tab, in the Other area, in the Authentication fail stream field, enter pyAuthenticationFailedStream.
- In the Source of operator credentials field, select Use externally stored credentials.
- Click Save.