Build secure custom mobile apps by using Pega Infinity Mobile Client or Pega Mobile Client 7 with the OAuth 2.0 authorization code grant flow.

Your custom mobile apps delegate authorization and authentication to trusted sources. Your apps must also use HTTPS and a trusted SSL certificate to authenticate. This enhancement ensures custom mobile apps protection with an industry-standard authorization and authentication protocol in all stages of app development.

You do not have to manually configure such settings as endpoints or client secret because authorization and authentication service configuration is automatic when you build an application. You can edit this configuration by browsing for your mobile channel name in the list of client registration instances.

To build secure custom mobile apps more quickly, choose the default Platform Authentication service. In this configuration, Pega Platform acts as an identity provider, authorization server, and resource server. For example, you can use Platform Authentication to build and test custom mobile apps during development and quality assurance stages without configuring a custom authentication service.

You can set up a custom mobile app to either redirect to a login screen of a specific identity provider, or display a selection of available identity providers.

You can also configure an additional protection scheme for custom mobile apps, such as a device locking mechanism or biometric sensor authentication. You can use these protection methods to unlock an app that is in offline mode.

For more information, see Configuring additional custom mobile app security for Pega Infinity Mobile Client, Configuring additional custom mobile app security for Pega Mobile Client 7, and Selecting an authentication service.