Custom Bearer Grant Type

Thank you @VinodSeraphin for putting this document together.

See more: Constellation 101

If you’ve been building Constellation applications using Web Embed or the SDKs, you’ve likely encountered the challenge of managing OAuth 2.0 authentication flows. Traditionally, the Authorization Code grant has been the go-to for public clients. However, it relies on browser redirects or popups to an external Identity Provider (IdP). That is the standard approach, but you may want to try a different one.

Custom Bearer Grant Type

The Custom Bearer Grant Type changes the authentication process by allowing the client to negotiate a Pega Infinity access token directly via a custom activity. This eliminates the need for an intermediate server (typically required to negotiate the token with Infinity) and the disruptive client-side redirects of the authorization code flow.

Key Benefits:

  • Seamless UX: No visible redirects or popups for the end-user.
  • Simplified Architecture: Removes the need for a separate “token-negotiating” server.
  • Flexibility: You define the authentication logic within a Pega Activity.

How to Enable It

To start using this feature, you need to enable it via a Dynamic System Setting (DSS):

  1. Create/Update DSS: CustomAuthForPegaEmbed
  2. Owning Ruleset: Pega-Engine
  3. Value: true

Once enabled, you will see the “Custom bearer” checkbox in your OAuth 2.0 Client Registration records.

Configuration

Please read the attached PDF documentation. High-level configuration steps:

  1. Configure Authentication Activity
  2. Client Integration (Web Embed or SDKs)

Important Considerations

While powerful, remember that “Custom Bearer” is not a standard OAuth 2.0 grant flow.

  • It places the responsibility for authentication logic entirely on your custom activity; whatever credential that activity accepts is what Infinity will issue a token for.
  • It does not offer out-of-the-box integration with external IdPs (over SAML or OIDC) the way the standard flows do; any server-to-server validation of the credential the client presents must be implemented within your activity.
  • The tokens returned are standard Infinity JWTs.

Custom Bearer Grant Type.pdf (563 KB)

@Kamil Janeczek I would love to try this feature.