OAuth 2.0 Token Stored with Operator ID
As of 8.2, when OAuth 2.0 is used for authentication, the token is stored with the Operator ID attached to it. It is causing a huge problem in our application because if I configure a REST Connector with an OAuth 2.0 authentication profile, the calling of the connector will throw an exception for all other operators. Is there a reason for this?
Pegasystems Inc.
US
Can you share the complete error stacks of the exception?
Saltech Consulting
HU
It's a NullPointerException because it's missing the token in the header. The token gets refreshed and stored for one operator, but the others don't have the token, so every activity where it's called only works for one operator.
Saltech Consulting
HU
My main problem is that a lot of APIs only allow Authorization Code as the grant type and they require a user to be logged in. Ideally, I would create a server-to-server connection and would use Client Credentials as the grant type but in my case, I cannot do that. (Eg. Asana and Quickbooks don't allow client credentials as the grant type) However, in my application I want all operators to have access to that API, and under the same user if we have to, with the same token. But because Pega saves the tokens with the Operator ID attached to them, it doesn't matter that I have a working token in the application, it won't be recognized for the others.