Configure PAS for OpenEdge to use OAuth2
- Last Updated: June 17, 2026
- 2 minute read
- OpenEdge
- Version 12.8
- Documentation
Open Authorization 2.0 (OAuth2) is a standard for online authorization providing login access to third-party websites and applications without exposing user account credentials.
The user's perspective
In the simplest form, an OAuth2 client logs into an application and receives a token in return by supplying their credentials.
How PAS for OpenEdge uses the token
When an OAuth2 client requests a resource, a configured PAS for OpenEdge instance requires a valid access token before allowing the client to access the service. The PAS for OpenEdge instance validates with an authorization server. The exact validation process depends on the configuration of PAS for OpenEdge and the third-party authorization server.
To demonstrate the token exchange, this guide uses OESECTOOL as a test authorization server and then explores additional configurations available with third-party authorization servers.
How to configure PAS for OpenEdge to use OAuth2
To use OAuth2, OpenEdge security administrators must configure PAS for OpenEdge to act as a resource server. After you configure PAS for OpenEdge, it unlocks and validates OAuth2 tokens and then converts the tokens to CLIENT-PRINCIPAL objects. ABL developers use the CLIENT-PRINCIPAL object to authenticate and authorize access to ABL application resources.