Configuring Pega Mobile Client to authenticate against Auth0
This article describes how to configure a mobile app, based on Pega Mobile Client, to authenticate against Auth0 Identity Platform from Auth0®, Inc. The configuration is based on the recommended approach of using Pega Platform as an Identity Broker.
The solution has been tested with Pega Platform 8.1.1 and Pega Mobile Client 7.41.0
The approach of having Pega Platform act as an identity broker requires us to configure two authentication processes - one between Pega Platform and Auth0, and one between Pega Mobile Client and Pega Platform. We will use OpenID Connect (OIDC) protocol for both processes.
Step 1: Configure integration between Pega Platform and Auth0 using OIDC protocol
This step is not specific to Pega Mobile Client, you just need to configure an application in Auth0 and authentication service in Pega as described here.
Step 2: Configure integration between Mobile Client and Pega Platform
In order to allow Mobile Client to authenticate against Pega Platform with OIDC protocol you need to create a client registration endpoint in Pega Platform.
Note: starting from Pega Platform 8.2, this process is automated, but since this article is about Pega Platform 8.1, you need to do it manually.
The steps you need to follow are outlined here. However, because we want to use OpenID Connect protocol, you need to make the following adjustments to registration endpoint configuration:
- Choose authorization code as the only supported grant type
- Add the Redirect URI. In later steps you will configure your native app to register as a handler for this URI, so the scheme should be unique to your native app
- Enable refresh token
- Enable PKCE, because this is recommended for distributed native apps, and in this configuration your client is a native app.
Step 3: Build the mobile app
Follow the process described here, there is nothing specific to Auth0.
Step 4: Login to your mobile app
Verify the end-user experience by testing the login process on an actual mobile device. After starting the app for the 1st time, it should display the screen with "Log in" button. Tapping "Log in" opens an external web browser, such as Chrome, and loads the Auth0 login page. After successful authentication, the user is brought back to your app, which proceeds to prepare and run your Pega application.
Subsequent starts of the mobile app will skip the login process, taking the end-user straight to the Pega application.
Troubleshooting
In case of any problems with the integration, refer to Troubleshooting OpenID Connect (OIDC) integrations article.