How to dynamically modify the "scope" of an Authentication Profile for a REST connector?

Hello Community,

I am currently researching how to make a REST service connector (JSON) use a single, centralized Authentication Profile (OAuth 2.0, “Client Credentials” grant type) for multiple connectors.

My goal is to be able to dynamically modify the “scope” parameter of the Authentication Profile, using the specific scope sent in each connector’s request. The main idea is to avoid creating a separate Authentication Profile for each connector when the only difference between them is the scope.

What I have tried:

I attempted to define a variable (e.g., dynamic_scope) in the “Request” tab of the Authentication Profile, hoping to assign a value to it from my connector (for instance, through a Data Page or a Pre-Data Transform). However, when I run the connector, the “scope” value in the Authentication Profile is not updated with the value I am sending.

My specific question is:

Is there a standard or recommended way in Pega for an Authentication Profile to retrieve the “scope” value from the connector’s execution context? In other words, I need a way to “inject” or modify the “scope” value that will be used for that specific transaction right before the Authentication Profile requests the token.

Thank you in advance for any guidance or examples you can share.

Thank you!

In Pega, you cannot dynamically change the scope of a standard OAuth 2.0 Authentication Profile from a REST connector at run time; the scope is treated as part of the profile configuration itself, and Pega’s documentation updates also state that the required scopes must be configured in the Authentication Profile and granted by the Identity Provider. Your connector-side parameter or pre-processing logic does not override that profile value during the token request, which is why your dynamic variable is not taking effect. The clear solution is to stop using the Authentication Profile for the token call and instead build one reusable token Data Page or Activity that calls the OAuth token endpoint directly, passes the scope as a request parameter, and gets the access token for that transaction. Then use that returned token in the Authorization header of your REST connector. This keeps one centralized implementation, but makes the scope truly dynamic for each request.
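The token logic that the reusable Data Page or Activity described in the answer above would carry, as an added Python sketch. It is not Pega code and not from the original posts. `TOKEN_URL`, the class and function names, and the injectable `post`/`clock` hooks are assumptions. It caches tokens per scope so a token issued for one connector is never reused for another, and rejects a response whose granted scope is narrower than requested.

```python
import base64, json, time, urllib.parse, urllib.request

TOKEN_URL = "https://idp.example.com/oauth2/token"  # placeholder, not from the page

def build_token_request(client_id, client_secret, scope):
    """RFC 6749 section 4.4.2 client-credentials request with a per-call scope."""
    body = urllib.parse.urlencode(
        {"grant_type": "client_credentials", "scope": scope}).encode()
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    headers = {"Authorization": "Basic " + basic,
               "Content-Type": "application/x-www-form-urlencoded"}
    return body, headers

def http_post(url, body, headers):
    """Default transport: real HTTPS POST returning the parsed JSON response."""
    req = urllib.request.Request(url, data=body, headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

class ScopedTokenProvider:
    """One central token client; tokens are cached per normalized scope so a
    token issued for one connector's scope is never reused for another."""
    def __init__(self, client_id, client_secret, post=http_post, clock=time.time):
        self._id, self._secret = client_id, client_secret
        self._post, self._clock = post, clock
        self._cache = {}  # normalized scope -> (access_token, expires_at)

    def authorization_header(self, scope, skew=30):
        key = " ".join(sorted(set(scope.split())))  # order-insensitive cache key
        token, expires_at = self._cache.get(key, (None, 0))
        if token is None or self._clock() >= expires_at - skew:
            body, headers = build_token_request(self._id, self._secret, key)
            resp = self._post(TOKEN_URL, body, headers)
            if resp.get("token_type", "").lower() != "bearer":
                raise ValueError("unexpected token_type")
            # RFC 6749 5.1: the server states the scope if it differs from the request
            granted = set(resp.get("scope", key).split())
            if not set(key.split()) <= granted:
                raise PermissionError("IdP did not grant the requested scope")
            token = resp["access_token"]
            expires_at = self._clock() + int(resp.get("expires_in", 0))
            self._cache[key] = (token, expires_at)
        return {"Authorization": "Bearer " + token}
```

Each connector calls `authorization_header()` with its own scope string and attaches the returned header to its request; the client secret stays inside the provider and is never passed to connector code.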