Posted: 21 Dec 2017 8:46 EST Last activity: 24 Dec 2018 3:15 EST
OAuth2 OpenID Connect
We are trying to implement an OAuth2 OpenID Connect based user authentication. The idea is to redirect to the OAuth2 Identity Provider for login which then redirects to Pega with an authorization code which Pega would use to retrieve a token from the Identity Provider that contains the user identity and other information (Authorization Code Grant Flow).
I can create an OAuth 2.0 Provider and an Authentication Profile that leverages it, but I am not sure how to use it for user authentication. The information I found here is that OOTB it does not seem to be available. I am OK with creating a Custom authentication activity, I just wonder if somebody already did that and could provide some guidance.
Based on this article (which I had read before) it says that it supports the authorization code grant type. This grant type is supposed to be used to retrieve a token based on an authorization code.
I tried to replicate what is currently done in pxIsAccessTokenPresent, but it does not seem to work. It uses an "operatorID" parameter, which I don't have at that point: svcUtilPriv.getOAuth2Client(tools, authProfilePage, operatorId).getAccessToken();
It does not seem to retrieve the token.
Do I need to manually do the token retrieval based on the authorization code I receive?
As of Pega Platform 8.1 this feature is available OOTB for browser and mobile apps. There are community articles describing how this feature can be used with different Identity Providers, such as Okta, Auth0 or miniOrange.
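The callback half of the Authorization Code flow described in the question, as an added example that is not part of the original thread and is not Pega code: it checks the returned state, builds the code-for-token request, and validates the ID token before its subject is used as the user identity. All names, URLs and credentials are constructed placeholders; the session is assumed to hold the state and nonce sent in the login redirect, and the ID token is assumed to be HS256-signed with the client secret so the sketch runs on the standard library alone (an IdP that signs with RS256 needs its published keys instead).

```python
import base64, hashlib, hmac, json, time
from urllib.parse import parse_qs, urlparse

# Constructed placeholders: no real IdP, client or redirect URI is implied.
ISSUER, CLIENT_ID, CLIENT_SECRET = "https://idp.example", "demo-client", "demo-secret"
REDIRECT_URI = "https://app.example/callback"

def b64d(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def b64e(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def token_request(callback_url, session):
    """Check state on the callback, then build the code-for-token POST body."""
    params = parse_qs(urlparse(callback_url).query)
    state = params.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), session["state"].encode()):
        raise ValueError("state mismatch")
    if "code" not in params:
        raise ValueError("no authorization code")
    return {"grant_type": "authorization_code", "code": params["code"][0],
            "redirect_uri": REDIRECT_URI, "client_id": CLIENT_ID,
            "client_secret": CLIENT_SECRET}

def sign_sample_id_token(claims):
    """Stand-in for the IdP: builds a constructed HS256 ID token for the demo."""
    body = b64e(b'{"alg":"HS256","typ":"JWT"}') + "." + b64e(json.dumps(claims).encode())
    sig = hmac.new(CLIENT_SECRET.encode(), body.encode(), hashlib.sha256).digest()
    return body + "." + b64e(sig)

def validate_id_token(id_token, session, now=None):
    """Verify the ID token before using 'sub' as the user identity."""
    head, payload, sig = id_token.split(".")
    if json.loads(b64d(head)).get("alg") != "HS256":
        raise ValueError("unexpected alg")
    mac = hmac.new(CLIENT_SECRET.encode(), f"{head}.{payload}".encode(), hashlib.sha256)
    if not hmac.compare_digest(mac.digest(), b64d(sig)):
        raise ValueError("bad signature")
    claims = json.loads(b64d(payload))
    aud = claims.get("aud")
    if claims.get("iss") != ISSUER or CLIENT_ID not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("wrong issuer or audience")
    if claims.get("exp", 0) <= (now or time.time()):
        raise ValueError("token expired")
    if claims.get("nonce") != session["nonce"]:
        raise ValueError("nonce mismatch")
    return claims
```

The dictionary returned by token_request is the form body to POST to the IdP's token endpoint; the HTTP call is left out so the example runs offline.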