Progress Application Server for OpenEdge : Authentication with OAuth2 and JWT
 

Authentication with OAuth2 and JWT

OAuth (Open Authorization) is a standard framework that allows login access to third-party websites and applications without exposing user account credentials and information. Currently, OAuth2 is the latest version of that standard.
When a product is composed of components from multiple sources that must share a common user identity, OAuth2 and JSON Web Tokens (JWT) provide the means to support single user authentication to the product as a whole. Authentication results in a Single Sign-On (SSO) security token that allows access to all the product services that are enabled to use the token for authorization.
OAuth2, implemented correctly, provides a medium level of security for a broad range of web application architectures, including web browsers, mobile devices, browser-based client applications (such as JavaScript), and B2B client applications.
OAuth2 and JWT standards are enabled in PAS for OpenEdge to allow it to participate in SSO outside a homogeneous OpenEdge environment. This section provides a general description of the OAuth2 and JWT standards, a description of how the standards are supported in PAS for OpenEdge's Spring Security framework, and instructions on configuring and troubleshooting.
Topics include:
* OAuth2 Concepts and Terms
* OAuth2 Security Considerations
* OAuth2 Tokens
* JSON Web Tokens (JWT)
* Support for OAuth2 and JWT in PAS for OpenEdge
* Configuring a PASOE Web Application as an OAuth2 Resource Server
* Debug Logging for OAuth2