Skip to main content

         This documentation site is for previous versions. Visit our new documentation site for current releases.      

Build secure custom mobile apps with the OAuth 2.0 framework (8.2)

Updated on May 3, 2021

Build secure custom mobile apps by using Pega Infinity Mobile Client or Pega Mobile Client 7 with the OAuth 2.0 authorization code grant flow.

Your custom mobile apps delegate authorization and authentication to trusted sources. Your apps must also use HTTPS and a trusted SSL certificate to authenticate. This enhancement ensures custom mobile apps protection with an industry-standard authorization and authentication protocol in all stages of app development.

You do not have to manually configure such settings as endpoints or client secret because authorization and authentication service configuration is automatic when you build an application. You can edit this configuration by browsing for your mobile channel name in the list of client registration instances.

Oauth 2.0 authorization code flow

To build secure custom mobile apps more quickly, choose the default Platform Authentication service. In this configuration, Pega Platform acts as an identity provider, authorization server, and resource server. For example, you can use Platform Authentication to build and test custom mobile apps during development and quality assurance stages without configuring a custom authentication service.

Secure sign-in using an external agent

You can set up a custom mobile app to either redirect to a login screen of a specific identity provider, or display a selection of available identity providers.

Selecting an authentication service

You can also configure an additional protection scheme for custom mobile apps, such as a device locking mechanism or biometric sensor authentication. You can use these protection methods to unlock an app that is in offline mode.

Unlocking an app with custom pin or biometric sensor

For more information, see Configuring additional custom mobile app security for Pega Infinity Mobile Client, Configuring additional custom mobile app security for Pega Mobile Client 7, and Selecting an authentication service.

  • Previous topic Configure and build custom mobile apps more efficiently with the redesigned Mobile channel (8.2)
  • Next topic Run offline-enabled applications in an enhanced Windows client (8.2)

Have a question? Get answers now.

Visit the Support Center to ask questions, engage in discussions, share ideas, and help others.

Did you find this content helpful?

Want to help us improve this content?

We'd prefer it if you saw us at our best. is not optimized for Internet Explorer. For the optimal experience, please use:

Close Deprecation Notice
Contact us