Sethu Sankar (SethuS88)
SethuS88 Member since 2015 22 posts
Posted: July 13, 2020
Last activity: July 13, 2020

OAuth 2.0 Single Sign-On use case

We have a need to implement single sign-on using PingFederate (broker or access token provider). Behind the scenes Ping would contact Okta. Basically, Okta is configured as a federated IdP within PingFederate. The authentication has to happen through OAuth 2.0 standards. We are currently running on 7.3.

  1. First redirect user agent to PING server<clientid>&response_type=code&scope=openid profile email&redirect_uri=<pega service endpoint >

Upon successful authentication, the redirect will happen to the above pega service endpoint with the auth code.


  2. The above Pega service endpoint will have to invoke the create token endpoint to get an access token and an ID token using the auth code.


Request: Token Create (authorization code)



   Authorization: Basic <clientId>:<secret>

   api-key: <clientId>

   Content-Type: application/x-www-form-urlencoded

   code=<auth_code>&grant_type=authorization_code&redirect_uri=<pega service endpoint>

The API response will be like the below

Content-Type: application/json

{
    "token_type": "Bearer",
    "access_token": "adfasf",
    "refresh_token": "adsfasdfas",
    "id_token": "2342423afsfasdfasd4"
}


The id_token from the response has to be parsed and used to establish the session on the Pega side for the user. To establish the session without authentication (as the authentication happened externally through Okta) using the ID token, I want to know whether we have to embed logic within that service that redirects the user to an auth service/endpoint (after getting the ID token) that will support this (something custom), or whether we have any standard OOB auth service meant to handle user redirect/login to support such an OAuth 2.0 Authorization Code flow for a use case like the above?

Pega Platform 7.3.1 Security Other Industry Lead System Architect
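The token exchange and the id_token handling described in the post, as an added example that is not code from the post or from Pega. It builds the authorization_code grant request the Pega service endpoint would send to the token endpoint, and then shows the checks a defender would want before the id_token is trusted to establish a session: signature, issuer, audience, expiry and nonce. All names and values (client ID, secret, redirect URI, issuer, HMAC key) are constructed assumptions; the token is signed HS256 with a shared key only so the example runs offline, whereas PingFederate and Okta sign RS256 with keys published via JWKS, so a real integration swaps the HMAC check for an RSA signature check against the IdP's JWKS.

```python
import base64
import hashlib
import hmac
import json
import time
from urllib.parse import urlencode

# Constructed placeholders; none of these come from the poster's environment.
CLIENT_ID = "pega-client"
CLIENT_SECRET = "constructed-client-secret"
REDIRECT_URI = "https://pega.example.invalid/prweb/oauthcallback"
ISSUER = "https://ping.example.invalid"


def build_token_request(auth_code):
    """Return (headers, body) for the authorization_code grant sent to the token endpoint."""
    creds = base64.b64encode(f"{CLIENT_ID}:{CLIENT_SECRET}".encode()).decode()
    headers = {
        "Authorization": f"Basic {creds}",
        "Content-Type": "application/x-www-form-urlencoded",
    }
    body = urlencode({
        "grant_type": "authorization_code",
        "code": auth_code,
        # Must be byte-identical to the redirect_uri used in the authorize redirect.
        "redirect_uri": REDIRECT_URI,
    })
    return headers, body


def _b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_id_token(claims, key):
    """Constructed HS256 JWT so the example can run offline (a real IdP uses RS256 + JWKS)."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = f"{_b64url(json.dumps(header).encode())}.{_b64url(json.dumps(claims).encode())}"
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url(sig)}"


def validate_id_token(token, key, expected_nonce, now=None):
    """Verify the id_token before any session is created; return the subject or raise ValueError."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    h, p, s = parts
    header = json.loads(_b64url_decode(h))
    # Pin the algorithm: never let the token header choose how it is verified.
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected_sig = hmac.new(key, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, _b64url_decode(s)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(p))
    if claims.get("iss") != ISSUER:
        raise ValueError("wrong issuer")
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    if CLIENT_ID not in audiences:
        raise ValueError("token not issued for this client")
    if not isinstance(claims.get("exp"), (int, float)) or claims["exp"] <= now:
        raise ValueError("token expired")
    # Nonce ties the id_token to the authorize request this browser session started.
    if claims.get("nonce") != expected_nonce:
        raise ValueError("nonce mismatch")
    if not claims.get("sub"):
        raise ValueError("missing subject")
    return claims["sub"]


if __name__ == "__main__":
    key = b"constructed-hmac-key"
    headers, body = build_token_request("constructed-auth-code")
    print(headers["Authorization"][:12], body)
    token = make_id_token(
        {"iss": ISSUER, "aud": CLIENT_ID, "sub": "user@example.invalid",
         "iat": 1700000000, "exp": 1700000600, "nonce": "n1"}, key)
    print("session subject:", validate_id_token(token, key, "n1", now=1700000100))
```

The point of `validate_id_token` is that "the authentication happened externally" is only true once the token's signature, issuer, audience, expiry and nonce have all been checked by the service that is about to create the Pega session; parsing the claims alone is not enough, and the `state` parameter on the authorize redirect should be checked the same way.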