There are 10 Java applications that are sending requests to a Pega application. Do we need 10 OAuth 2.0 client registrations, or only 1? How will the client ID and secret key be passed in this case?
For each Pega application, you can have a single OAuth 2.0 configuration and reuse it; there is no harm in doing so. However, if the authorization context of the service needs to differ based on the external system that is calling Pega, then you can create separate OAuth security profiles for each system.
Hi @TanyaS58: Though it is technically feasible to share the same client profile, it is not recommended. It is pretty much the same as sharing common credentials across. I would recommend using a different client registration for each, with its own client ID and client secret.
Thanks.
I agree with @ArulDevan. It's recommended to create a separate OAuth 2.0 registration for each application. With separate client IDs, Pega can identify, control, and monitor each application individually, including assigning different access and rotating secrets without impacting others. With one shared client ID, all 10 apps appear as a single caller, making audit, access control, and troubleshooting harder.
It is better to create separate profiles. This gives you granular control, better audit, etc.