Using JWTs as Authorization Grants

Question

Naveen Chakravarthy

Member since 2023

7 posts

Inovar

Posted: Apr 16, 2018

Last activity: Apr 27, 2018

Posted: 16 Apr 2018 5:58 EDT
Last activity: 27 Apr 2018 5:36 EDT

Closed

Using JWTs as Authorization Grants

Report

Hi Team,

I am currently working enabling OAuth Authentication with JWT bearer for Services exposed from Pega. This is done by enabling OAuth authentication for REST and by creating OAuth 2.0 Client Registration. When OAuth 2.0 Client Registration, JWT bearer was used as grant type.

According to RFC7523 JWT specification (refer to 2.1 in document https://tools.ietf.org/html/rfc7523#page-4) , client secret is required. But Pega OAuth 2.0 Client Registration doesn’t work without client_secret. Please suggest

To see attachments, please log in.

Data Integration

Like (0)
Share this page Facebook Twitter LinkedIn Email Copying... Copied!

Posted: 6 years ago

Posted: 16 Apr 2018 6:03 EDT

Naveen Chakravarthy

Inovar

replied to Naveen Chakravarthy

Report

Sorry Just correction. According to RFC7523 JWT specification (refer to 2.1 in document https://tools.ietf.org/html/rfc7523#page-4) , client secret is not required. But Pega OAuth 2.0 Client Registration doesn’t work without client_secret when configured with JWT bearer . Please suggest

To see attachments, please log in.

Like (0)

Posted: 6 years ago

Posted: 27 Apr 2018 5:30 EDT

Srikanth

PEGA

replied to Naveen Chakravarthy

Report

Yes, Pega requires the client secret. There is no support for public clients with ROPC grant type. Can you explain why it is difficult for you to send the secret?

To see attachments, please log in.

Like (0)

Question

Using JWTs as Authorization Grants

Need help or want to help others?

Experience the benefits of Support Center when you log in.

Question

Using JWTs as Authorization Grants

Related content:

Need help or want to help others?

Experience the benefits of Support Center when you log in.

We'd prefer it if you saw us at our best.