Skip to main content

Question

 Jagadeshwar Konda (JagadeshwarK16715641)
deVolksbank
Senior Developer
deVolksbank
NL
JagadeshwarK16715641 Member since 2022 1 post
deVolksbank
Posted: Feb 1, 2024
Last activity: Feb 19, 2024
Posted: 1 Feb 2024 3:57 EST
Last activity: 19 Feb 2024 8:00 EST

How to invoke OAuth POST /token endpoint when OAuth 2.0 Client Registration grant type is SAML Bearer

We have a OAuth 2.0 Client Registration configured the 'grant type' as SAML Bearer. 

We are trying to use /prweb/api/oauth2/v1/token API to get the access token in order to use that token in making our DX API calls. However, the parameters to set in the request when the grant type is SAML bearer is unclear. We tested with other grant types like client credentials and password credentials and this  /prweb/api/oauth2/v1/token  endpoint returns an access token successfully but we need more information on what parameters to pass when it is SAML bearer grant type. What I found is below:

Set the header of 'Content-Type', 'application/x-www-form-urlencoded'

client_id ( we can get from Pega OAuth 2.0 Client Registration: )

client_secret ( we can get from Pega OAuth 2.0 Client Registration: )

grant_type --- ? what will be the value for SAML ? i tried few things like urn:ietf:params:oauth:grant-type:saml2-bearer or SAML or saml2-bearer

scope ---- As per one of the forums i found in google this param should be passed when it is SAML grant type.

 

Could you please give us some guidance on how to invoke this end point using the right parameters and values when the grant type is SAML bearer in OAuth 2.0 Client Registration:

***Edited by Moderator Rupashree to add Capability tags***
To see attachments, please log in.
Pega Infinity
DX API
Security

  • Reply
Posted: 9 months ago
Updated: 9 months ago
Posted: 5 Feb 2024 7:35 EST
Updated: 5 Feb 2024 7:36 EST
Lakshmi Billa (LakshmiBilla)
PEGA
Senior Principal Software Engineer, Services Engineering
Pegasystems Inc.
IN

@JagadeshwarK16715641

Please pass below arguments:

Set the header of 'Content-Type', 'application/x-www-form-urlencoded'

client_id: ( we can get from Pega OAuth 2.0 Client Registration: )

client_secret:  ( we can get from Pega OAuth 2.0 Client Registration: )

grant_type:  urn:ietf:params:oauth:grant-type:saml2-bearer

assertion: <SAML assertion>  

note: scope is optional  

To see attachments, please log in.
Posted: 9 months ago
Posted: 5 Feb 2024 9:15 EST
Jagadeshwar Konda (JagadeshwarK16715641)
deVolksbank
Senior Developer
deVolksbank
NL

@LakshmiBilla  Thanks for the reply.

I already tried with empty scope and also with 

grant_type:  urn:ietf:params:oauth:grant-type:saml2-bearer  as I mentioned in the question however it says unsupported grant type even though it is checked in Client Registration instance  

{

"errors": [

{

"ID": "unsupported_grant_type",

"message": "The grant type is not supported by the authorization server."

}

]

}  

To see attachments, please log in.

We'd prefer it if you saw us at our best.

Pega Collaboration Center has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice