How to Pass End-User Identity to Pega When Using OAuth Client Credentials Grant with DX API

Hi All,

We have a React application that communicates with Pega using the DX API. For authentication, we are using the OAuth 2.0 Client Credentials grant type. Currently, all cases created via the API are audited under the service account associated with the client credentials, rather than the actual end-user who initiated the action in the React app.

Is there a recommended approach to pass the end-user’s identity (e.g., username) to Pega, so that case history, assignment creation, and auditing reflect the real user instead of the service account? Are there best practices or supported patterns for achieving this with the DX API and OAuth client credentials flow?

Any guidance or examples would be greatly appreciated!

Thank you.

Client credentials is more server to server authentiation so there is no standard way to impersonate user.

This is typically supported but auth code flow? Are you able to switch to it?
If not then maybe you can explore customAuth flow? Custom Bearer Grant Type

I believe using JSON Web Tokens (JWT) between services is a common way to handle authentication and authorization in micro services.

OAuth 2.0 JWT Bearer Token Authentication might help for your scenario.