Custom parameters for direct authentication against an external OIDC server

Updated on November 9, 2021

Learn about the parameters to define when you configure direct authentication against an external OpenID Connect (OIDC) server for mobile apps that are based on Pega Infinity Mobile Client.

For the configuration procedure, see Configuring direct authentication against an external OIDC server for Pega Infinity Mobile Client.

The following tables list the available parameters.

Parameters that you obtain from the external OIDC server

| Parameter | Description |
| --- | --- |
| container.authentication.oauth2.clientId | An identifier of the mobile app in the OIDC authentication server. |
| container.authentication.oauth2.clientSecret | A secret value that is shared between Pega Infinity Mobile Client and the authentication server. If you perform a public OAuth registration, set this parameter to <null>. |
| container.authentication.oauth2.grantType | A type of OIDC flow that is used to obtain access tokens. Set this parameter to authorization_code. |
| container.authentication.oauth2.scope | A space-separated list of permissions that are required to access Pega Platform. The minimal valid setting of this parameter is openid email profile. |
| container.authentication.oauth2.tokenEndpoint | A URL address of the token endpoint that conforms to the OAuth 2.0 protocol. This endpoint is exposed by the authentication server. Pega Infinity Mobile Client connects to this endpoint to authorize users. |
| container.authentication.oauth2.authorizationEndpoint | A URL address of the authorization endpoint that conforms to the OAuth 2.0 protocol. Pega Infinity Mobile Client connects to this endpoint to obtain authorization from the resource owner. |
| container.authentication.oauth2.redirectUri | A URL address of the endpoint to which Pega Infinity Mobile Client connects to obtain an authorization code which can be exchanged for the access token. The setting is required for the authorization code grant type. |
| container.authentication.oauth2.userInfoEndpoint | A URL address of the authorization endpoint that conforms to the OAuth 2.0 protocol. Pega Infinity Mobile Client connects to this endpoint to obtain information about the authenticated user. |
| container.authentication.oauth2.tokenRevocationEndpoint | A URL address of the authorization endpoint that conforms to the OAuth 2.0 protocol. Pega Infinity Mobile Client connects to this endpoint to revoke access or to refresh the token. |

Parameters that you obtain after you create the client registration service rule

| Setting name | Description |
| --- | --- |
| container.authentication.type | An authentication flow for Pega Platform to use. Set this parameter to oauth2. |
| container.authentication.oauth2.jwtBearer.clientId | A client identifier in Pega Platform. |
| container.authentication.oauth2.jwtBearer.clientSecret | A secret value that is shared between Pega Mobile Client and Pega Platform. |
| container.authentication.oauth2.jwtBearer.tokenEndpoint | A URL address of the token endpoint that conforms to the OAuth 2.0 protocol. Pega Infinity Mobile Client connects to this endpoint to authorize users who are attempting to access Pega Platform. |
| container.authentication.oauth2.jwtBearer.tokenRevocationEndpoint | A URL address of the authorization endpoint that conforms to the OAuth 2.0 protocol. Pega Infinity Mobile Client connects to this endpoint to revoke access or to refresh the token. |
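
A pre-deployment check over the parameters in both tables, as an added example that is not Pega's code. The `validate` and `is_public_registration` helpers, the sample values, and the https requirement on endpoints are assumptions made here; the remaining checks follow the settings that the tables prescribe.

```python
from urllib.parse import urlsplit

P = "container.authentication."
O = P + "oauth2."
J = O + "jwtBearer."
# Endpoint parameters from both tables on this page.
ENDPOINTS = [O + n for n in ("tokenEndpoint", "authorizationEndpoint",
                             "userInfoEndpoint", "tokenRevocationEndpoint")]
ENDPOINTS += [J + "tokenEndpoint", J + "tokenRevocationEndpoint"]
REQUIRED = [P + "type", O + "clientId", O + "grantType", O + "scope",
            O + "redirectUri", J + "clientId", J + "clientSecret"] + ENDPOINTS
MIN_SCOPE = {"openid", "email", "profile"}  # minimal valid scope per the page


def validate(params):
    """Return a list of findings; an empty list means every check passed."""
    val = lambda key: params.get(key) or ""
    findings = [f"missing: {k}" for k in REQUIRED if not val(k)]
    if val(P + "type") and val(P + "type") != "oauth2":
        findings.append(f"{P}type must be oauth2")
    if val(O + "grantType") and val(O + "grantType") != "authorization_code":
        findings.append(f"{O}grantType must be authorization_code")
    lacking = MIN_SCOPE - set(val(O + "scope").split())
    if val(O + "scope") and lacking:
        findings.append(f"{O}scope lacks: {' '.join(sorted(lacking))}")
    for key in ENDPOINTS:
        url = urlsplit(val(key))
        # Assumption added here (not stated on the page): endpoints use https.
        if val(key) and (url.scheme != "https" or not url.netloc):
            findings.append(f"{key} is not an absolute https URL")
    # Mobile redirect URIs may use an app-specific scheme, so only require one.
    if val(O + "redirectUri") and not urlsplit(val(O + "redirectUri")).scheme:
        findings.append(f"{O}redirectUri has no URI scheme")
    return findings


def is_public_registration(params):
    """True when clientSecret is the <null> value the page prescribes."""
    return params.get(O + "clientSecret") == "<null>"


# Constructed sample values; hostnames and identifiers are placeholders.
SAMPLE = {P + "type": "oauth2", O + "clientId": "mobile-app",
          O + "clientSecret": "<null>", O + "grantType": "authorization_code",
          O + "scope": "openid email profile",
          O + "redirectUri": "com.example.app://callback",
          J + "clientId": "pega-client", J + "clientSecret": "PLACEHOLDER"}
SAMPLE.update({k: "https://idp.example.com/" + k.rsplit(".", 1)[1]
               for k in ENDPOINTS})
```
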