Skip to main content

Published Release Notes

Find release notes for the selected Pega Version and Capability

Browse resolved issues for Platform releases.

This documentation is for non-current versions of Pega Platform. For current release notes, go here.

Low-code styling in mobile apps

Valid from Pega Version 8.5

The mobile channel now supports enhanced low-code styling and branding of mobile apps. For example, you can customize app icons in three different ways: by uploading an image, by selecting from a list of font icons, or by using the default text-based icons. This enhancement helps you to conveniently customize the look of mobile apps to match the branding guidelines of your company and provide a consistent experience for users across different channels.

For more information, see Applying a custom theme to mobile apps.

Offline support for Cosmos-based mobile apps

Valid from Pega Version 8.5

Mobile apps that are based on the Cosmos design system now support offline mode. Previously, offline-enabled apps had to rely on the classic look. Now, you can use the low-code Cosmos solutions to design apps that operate reliably regardless of the connection status. 

For more information, see Designing apps for offline mode.

Enhanced search in the mobile channel

Valid from Pega Version 8.5

The search configuration now includes up to three additional secondary fields, such as the case ID, category, cost, date, owner, and active channel. The enhancement increases the usability of search on mobile apps and provides more contextual information in the search results.

For more information, see Adding a search gadget.

Improved mobile channel user experience

Valid from Pega Version 8.5

Mobile channel authoring now includes two significant enhancements to the user experience. The new instant run-time preview makes security configuration more convenient. In addition, the offline tab is now present by default, to help you build offline-enabled mobile apps and complete assignments in areas with limited connectivity.

Enhanced swipe support for case actions

Valid from Pega Version 8.5

UI authoring in the mobile channel now offers more case-wide actions that can be performed by swiping on list items. For example, you can add a swipe action to attach an invoice to your expense work item. This enhancement increases usability and work efficiency as it allows for fast, instinctive mobile interactions.

For more information, see Designing a new mobile list page.

Improvements to OAuth 2.0 Services with Token Introspection Service and Token Denylist Service

Valid from Pega Version 8.5

Increase the security of user sessions by using the newly supported Token Introspection and Denylist services for OAuth 2.0.

Token Introspection service

Use the Token Introspection service to validate JSON Web Tokens (JWT). The Token Introspection service requires authentication. 

Pega now uses OAuth 2.0 access tokens called Authorized Access Tokens (AAT). 

Token Introspection service endpoint

The Token Introspection service endpoint provides the information about the status of access token and refresh token. Token introspection can be used to validate if a given token is still active or inactive. The token introspection endpoint determines whether the token is valid. The status indicates whether an access token or refresh token is valid or invalid: 

  • Valid tokens have the “active”:true status
  • Invalid tokens have the “active” :false status.

The inactive status can also be due to revocation. 

Token Denylist service

You can add tokens to the deny list in cases where suspicious activity might have occurred. The Token Denylist service provides a method for denying user access to the application by revoking the user's access token. This service can prevent a token from being used more than the specified number of times, which can be helpful in preventing replay attacks. Stolen tokens should be revoked using this service. A GET API is also available to get the list of denied tokens.

Keys endpoint

Pega Platform™ is changing from using opaque tokens to JSON Web (JWT) tokens. If this JWT is used by any other system, the public key is needed for signature verification. A new endpoint is exposed to provide these public keys in JWK format: https://host:port/prweb/api/oauth2/v1/token/keys.

 

For more information, see OAuth 2.0 Management Services.

Enhanced refresh token strategy

Valid from Pega Version 8.5

You now have more precise control over your refresh token expiration strategy. When a refresh token is enabled, you can choose to set its initial expiration based on the value provided by the IDP. The refresh token expiry can be derived from IDP’s session timeout when SSO is used with external IDP for user authentication in the authorization code grant flow. You can also specify a separate refresh token expiration strategy based on your use-case. 

These can be configured in the OAuth2 Client registration rule form.

For more information, see Enhanced refresh token strategy.

Enhancements to token lifetime limits

Valid from Pega Version 8.5

Pega Platform™ uses OAuth 2.0 authorization codes, access tokens, and refresh tokens to provide flexible token-based security for applications. Expiration settings for these codes and tokens now adhere to certain strict value range based on industry leading practices. For example, the lifetime specified for the authorization code must be in the range 1-600 seconds.

These can be configured in the OAuth2 Client registration rule form.

For more information, see OAuth 2.0 Management Services.

Geolocation tracking for the latest mobile client

Valid from Pega Version 8

The latest version of Pega Mobile Client™ now supports geolocation tracking for offline-enabled mobile apps. You can enable constant tracking when users work on specific cases from their worklists. This enhancement helps audit the trail of the case and increase the efficiency of your mobile users. For example, dispatchers at headquarters can track the routes of field workers and more effectively assign them tasks based on their current location.

For more information, see Tracking mobile users based on geolocation data.

Support for large reference data in offline mobile apps

Valid from Pega Version 7.2

A data page in a Pega 7 Platform mobile application with offline capability enabled can now be marked as a large data page. This feature improves performance significantly when you have a large amount of data in which only individual records change.

In this situation, after the initial sync to the mobile app, only the changes in the large data page are synced instead of the entire large data page. The database table is created for such large data pages in the encrypted SQLite database on the device. Changes such as add, delete, or update are reconciled as row-level updates. Furthermore, you can use JavaScript to query against this data. A large referenced data page is supported by list-based components such as repeating dynamic layout, auto-complete, a dropdown list, and radio button.

We'd prefer it if you saw us at our best.

Pega.com is not optimized for Internet Explorer. For the optimal experience, please use:

Close Deprecation Notice
Contact us