Open Authorization 2.0 (OAuth2) is a standard for online authorization that provides login access to third-party websites and applications without exposing user account credentials. To use OAuth2, PAS for OpenEdge must be configured to act as a resource server. OpenEdge security administrators must configure PAS for OpenEdge to use OAuth2. Once configured, PAS for OpenEdge unlocks and validates OAuth2 tokens and then converts the tokens to CLIENT-PRINCIPAL objects. ABL developers use the CLIENT-PRINCIPAL object to authenticate and authorize access to ABL application resources.

The configuration of PAS for OpenEdge depends on the client and authorization server choices. These choices determine the information required to unlock and validate the token containing the user account credentials. PAS for OpenEdge needs these details to unlock and validate the token before converting the token into a CLIENT-PRINCIPAL object.