We have a requirement to consume a service which is OAuth 2.0 compliant and does not support Basic Authentication. Our present Pega product version is Pega 7.1.7 which does not support OAuth2. So, we are kind of stuck as there are no imminent plans for a Pega 7.2 upgrade.
So can we make two successive calls- first to get the access token and the second to get the actual data (2 Connect-Rest rules) ? Or such a a design is not feasible at all?
Any inputs/implementation steps would be highly appreciated.
***Edited by Moderator Marissa to update categories***
This is available in 7.1.10, if 7.2 is not an option.
I've never tried this nor have I seen any customer implement this. That said, I would think its at least worth trying.
How are you planning to do this? If you're going to use Connect-HTTP, you'll probably need HFix-20753 which modifies invokehttpconnector rule to allow for TLS. Connect-REST has that support. The big "gotcha" I would imagine is choosing auth profile and then making sure anything it adds is OAuth2.0 "ready".
I think you'll need three calls unless you can do the auth call and getToken call in one call. The latter requires an authorization code in the header. Pega's implementation of OAuth2.0 makes 3 calls.
In any case, your last call will just need to pass the token in the authorization header.