KOMARINA Member since 2012 85 posts
Accenture
Posted: June 6, 2020
Last activity: June 6, 2020

client secret in Authentication Profile when using OAUTH 2.0 should be optional

Hi,

Greetings. We have a requirement to secure a REST API using a token generated by Azure AD. Pega is registered as a native app in Azure AD and the grant type is password. We were provided with a client ID, username, password, resource, scope and client secret, but if I send client_secret as one of the parameters, I get the error below:

{
    "error": "interaction_required",
    "error_description": "AADSTS50158: External security challenge not satisfied. User will be redirected to another page or authentication provider to satisfy additional authentication challenges.\r\nTrace ID: 31a8d86b-8d15-4a60-ad5a-aca50e0b0300\r\nCorrelation ID: f3f2e54b-ddec-43f4-92d8-4c0fc3c41b4e\r\nTimestamp: 2020-06-05 20:43:40Z",
    "error_codes": [
        50158
    ],

From Pega, client_secret is not optional, but from Postman, if I ignore the client_secret but pass in the remaining keys, I get a proper access_token and refresh_token back.

Can anyone tell me if there is a way to make client_secret optional from Pega?

Regards,

Bharat

Pega Platform 8.4.1 Data Integration Java and Activities Financial Services Lead System Architect
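
As an added example (not part of the original post, and not Pega or Microsoft code): a sketch of a password-grant token request body in which client_secret is left out entirely when it is not configured, plus a parser that splits an AADSTS error body like the one above into its code, trace ID, correlation ID and timestamp. The function names and the sample payload are assumptions made for illustration; the IDs in the sample are placeholders.

```python
import json
import re
from urllib.parse import urlencode


def build_password_grant_form(client_id, username, password, *,
                              client_secret=None, resource=None, scope=None):
    """Return the form-encoded body of an OAuth 2.0 password-grant token request.

    Optional fields are left out entirely when unset, so a public (native)
    client sends no client_secret at all instead of an empty one.
    """
    fields = {"grant_type": "password", "client_id": client_id,
              "username": username, "password": password}
    optional = {"client_secret": client_secret, "resource": resource, "scope": scope}
    fields.update({k: v for k, v in optional.items() if v})  # drop None and ""
    return urlencode(fields)


def parse_token_error(body):
    """Split a token-endpoint error body into fields useful for troubleshooting."""
    doc = json.loads(body)
    info = {"error": doc.get("error"), "error_codes": doc.get("error_codes", [])}
    for line in doc.get("error_description", "").splitlines():
        line = line.strip()
        code = re.match(r"(AADSTS\d+):\s*(.*)", line)
        if code:
            info["aadsts"], info["message"] = code.groups()
            continue
        key, sep, value = line.partition(": ")
        if sep:  # "Trace ID: ..." becomes info["trace_id"]
            info[key.lower().replace(" ", "_")] = value
    return info


# Constructed sample shaped like the error in the post; the IDs are placeholders.
SAMPLE_ERROR = json.dumps({
    "error": "interaction_required",
    "error_description": "AADSTS50158: External security challenge not satisfied."
                         "\r\nTrace ID: 00000000-0000-0000-0000-000000000001"
                         "\r\nCorrelation ID: 00000000-0000-0000-0000-000000000002"
                         "\r\nTimestamp: 2020-01-01 00:00:00Z",
    "error_codes": [50158],
})

if __name__ == "__main__":
    print(build_password_grant_form("app-id", "user@example.com", "pw", scope="openid"))
    print(parse_token_error(SAMPLE_ERROR))
```
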