How to provide an OAuth authentication for Service REST in PEGA?

In this particular post, we will learn how to provide OAuth authentication for REST service in PEGA. We will use Postman to test the same.

OAuth provides a secure way of data transfer between the applications without revealing the user’s identity or credentials. It is a token-based authentication to access a resource. For example, Google, Facebook, Amazon uses OAuth authentication for their users to provide third-party merchant applications.

Pre-requisites

Step 1: Register as an OAuth Client

In PEGA -> DEV Studio, access the Security -> OAuth Client 2.0 Client Registration records

Create a new client — Click — Create Button

Registring the client as a Local Postman [As testing from Postman in the local machine]

You will see the Client Credentials as below. Click — View & Download button to download the client credentials.

It will download a text file in your downloads folder

Step 2: Verify and update the supported grant types

There are different supported grant types the OAuth authorization server supports. Authorization code, Client Credentials, Password Credentials, SAML bearer and JWT bearer.

For this learning enable — Client Credentials and Password Credentials

Client Credentials: Set the Operator Context or Access Group context

Password Credentials: Provide the default Identify mapping