Custom UI control with OAuth2.0 + PKCE authentication
We are implementing a hybrid Pega application where a Traditional UI harness hosts a custom Constellation DX API (v2) component. The component must securely obtain an OAuth 2.0 PKCE access token for the currently logged-in user.
Observed behavior:
- After basic authentication, Pega sets the Pega-RULES cookie with path /prweb/app/<app-name>.
- OAuth2 endpoints (/prweb/api/oauth2/v1/...) and DX API endpoints (/prweb/PRRestService/...) are outside that path.
- As a result, the cookie is not included, and the OAuth2 flow triggers a new login prompt.
Workarounds tested:
- Manual re-authentication (functional but disruptive).
- Manually widening the cookie path to /prweb (works temporarily but is unstable and reset by Pega).
Question: What is the supported approach in Pega for enabling a hybrid Traditional/Constellation application to complete OAuth2 PKCE authentication against DX API v2, without requiring duplicate logins or manual cookie manipulation?