I am currently trying to leverage on OAuth as SSO from another web application. From the guide, I understand that I need to register the client via OAuth 2.0 Client Registration to generate corresponding Client ID and Client Secret. However, I noticed that these credentials are tied to a specific operator ID which means that I need to maintain many different credentials should I wish to SSO for different users. Hence, is there any way I can generate one OAuth credential that can be used by many different users?
I have no issue accessing the APIs. What I am facing now is the oAuth 2.0 generated credentials are tied to a single operator ID. As such, if I am integrating with an external application, I will need to generate every single oAuth credential for every operator ID. Due to security reason, it is also not possible to maintain every oAuth credential in any repository (i.e. database).
What I can achieve to SSO from external application currently is to tie a surrogate or service operator ID as the oAuth 2.0 client. But if I do that, workflow actions such as case creation or update information will reflect that it is performed by the service ID instead of the intended logged-in user ID (from external application).
Hence, what I am asking for is if PEGA has ways to configure oAuth client that does not tied to any operator ID and thus, allows the SSO to use external logged-in user ID?