Monday, August 14, 2023

OAuth 2.0

Implementing OAuth 2.0 In Pega As Consumer

OAuth 2.0 is an open-standard authorization framework that allows third-party applications to obtain limited access to user accounts on an HTTP service, without the need for the user to share their credentials with the third-party application.

In Pega, OAuth 2.0 can be used to allow Pega applications to access data or resources from external applications, such as Salesforce or Google Drive. This can be useful for a variety of purposes, such as:

  • Integrating Pega with a customer relationship management (CRM) system to access customer data
  • Connecting Pega to a document management system to store and retrieve documents
  • Integrating Pega with a payment processing system to accept payments

There are five authorization grant types:

  1. Authorization Code
  2. Client Credentials
  3. Implicit (Pega doesn't support this type)
  4. Resource owner password credentials (Use this approach when there is high trust between the applications as this requires password sharing)
  5. JWT bearer (OpenID Connect token)

Authorization Code 




This grant type is used when a user is involved to grant access. Imagine a scenario where the user is prompted to log in to Quora with their Google or Facebook login.

Client Credentials

Use this grant type when two backend applications want to use the OAuth 2.0 protocol. There are two legs in this grant type. First, we get the access token with the help of the app credentials. Next, we get access to the application using the access token.

Implementing OAuth2.0 with client credentials grant type


Step 1

Establishing the client credentials with the application






For further details click on the link and check the implementation information

Now you can run the API call using Postman and get the Access Token.
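The two legs of the client credentials grant described above, as an added example that is not part of the original post and is not Pega's own code. The endpoint URLs, client ID, secret and token response are constructed placeholders; the functions only build and validate the messages, so nothing is sent over the network.

```python
import base64
import json
import urllib.parse
import urllib.request

# Constructed sample values; none of these come from the original post.
TOKEN_URL = "https://provider.example/oauth2/token"
API_URL = "https://provider.example/api/v1/customers"
SAMPLE_TOKEN_RESPONSE = b'{"access_token":"constructed-token-123","token_type":"Bearer","expires_in":3600}'


def _require_https(url):
    # Client secrets and bearer tokens must never travel over plain HTTP.
    if urllib.parse.urlsplit(url).scheme != "https":
        raise ValueError("refusing non-HTTPS endpoint: " + url)


def build_token_request(token_url, client_id, client_secret, scope=None):
    """Leg 1: exchange the app credentials for an access token."""
    _require_https(token_url)
    form = {"grant_type": "client_credentials"}
    if scope:
        form["scope"] = scope
    # HTTP Basic client authentication (RFC 6749, section 2.3.1):
    # form-encode each part, join with ':', then base64. Keeps the secret out of the URL.
    pair = urllib.parse.quote_plus(client_id) + ":" + urllib.parse.quote_plus(client_secret)
    basic = base64.b64encode(pair.encode()).decode()
    return urllib.request.Request(
        token_url,
        data=urllib.parse.urlencode(form).encode(),
        headers={"Authorization": "Basic " + basic,
                 "Content-Type": "application/x-www-form-urlencoded"},
        method="POST",
    )


def parse_token_response(body):
    """Validate the token endpoint's JSON before trusting it."""
    doc = json.loads(body)
    if str(doc.get("token_type", "")).lower() != "bearer" or not doc.get("access_token"):
        raise ValueError("unexpected token response")
    return doc["access_token"], int(doc.get("expires_in", 0))


def build_resource_request(api_url, access_token):
    """Leg 2: call the protected API with the bearer token."""
    _require_https(api_url)
    return urllib.request.Request(api_url, headers={"Authorization": "Bearer " + access_token})
```

Passing either request object to `urllib.request.urlopen` would send it; the same header and body values are what you would enter in Postman.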





