Question
TD Bank Group
CA
Last activity: 24 Dec 2018 3:15 EST
OAuth2 OpenID Connect
We are trying to implement an OAuth2 OpenID Connect based user authentication. The idea is to redirect to the OAuth2 Identity Provider for login which then redirects to Pega with an authorization code which Pega would use to retrieve a token from the Identity Provider that contains the user identity and other information (Authorization Code Grant Flow).
I can create an OAuth 2.0 Provider and an Authentication Profile that leverages it, but I am not sure how to use it for user authentication. The information I found here is that OOTB it does not seem to be available. I am OK with creating a Custom authentication activity, I just wonder if somebody already did that and could provide some guidance.
Accepted Solution
TD Bank Group
CA
We ended up writing a Connect-REST rule to retrieve the token from the OAuth Provider based on the authorization code received.
It would be good to add this to OOTB features instead of having to write our own rules.
JPMorgan Chase & Company
US
Hi,
Can you please share your authentication service screenshot, based on the ID you can hit the url.
If Authentication Service ID is WebLDAP1, you can use the below link to achieve this.
TD Bank Group
CA
Here is what I am trying to do.
I am using the PRServletCustom servlet (OOTB mapped to CustomSample Authentication Service). My Authentication Service is then using a custom activity to do the following:
- Check if there is an authorization code being sent.
- If no = redirect to OAuth ID Provider for user authentication.
- If yes = use the Authorization Code to retrieve a JWT from the OAuth ID Provider.
- Perform operator creation/update based on LDAP information.
It's with step #1.b that I am not sure how to do it without having to manually call the REST service.
Pegasystems Inc.
IN
As per below article Pega doesn’t support OpenID Connect .
https://collaborate.pega.com/question/oauth2-openid-connect-token-support
Thanks,
Arun
TD Bank Group
CA
Based on this article (which I had read before) it says that it supports the authorization code grant type. This grant type is supposed to be used to retrieve a token based on an authorization code.
I tried to replicate what is currently done in pxIsAccessTokenPresent , but it does not seem to work. It uses an "operatorID" parameter, which I don't have at that point: svcUtilPriv.getOAuth2Client(tools, authProfilePage, operatorId).getAccessToken();
It does not seem to retrieve the token.
Do I need to manually do the token retrieval based on the authorization code I receive?
Accepted Solution
TD Bank Group
CA
We ended up writing a Connect-REST rule to retrieve the token from the OAuth Provider based on the authorization code received.
It would be good to add this to OOTB features instead of having to write our own rules.
Pegasystems Inc.
PL
As of Pega Platform 8.1 this feature is available OOTB for browser and mobile apps.
As of Pega Platform 8.1 this feature is available OOTB for browser and mobile apps. There are community articles describing how this feature can be used with different Idenity Providers, such as Okta, Auth0 or miniOrange.