Authorize applications with the OAuth 2.0 authorization code grant type
Pega Platform™ now supports the OAuth 2.0 authorization code grant type, which allows Pega Platform to act as an OAuth 2.0 access token provider for native applications on mobile and other devices. By using the authorization code grant type for mobile clients, you no longer need to implement a variety of standards for various authentication providers.
The authorization code grant type also supports the Proof Key for Code Exchange (PKCE) standard for securing public clients.
The following figure shows an OAuth 2.0 client registration rule with an authorization code grant type.
OAuth 2.0 client registration rule with authorization code grant type
For more information, see Creating and configuring an OAuth 2.0 client registration.