
Security for Reactive-UI applications

If your application uses a Cosmos React-UI, it authenticates operators using one of the newer (PRAuth) types of Pega Platform™ authentication schemes. Cosmos React-UI does not support non-app-specific URLs for custom authentication, nor does it support any authentication schemes other than PRAuth.

For example, suppose that you select React-based UI (Early Beta – not for production use) on the application definition rule form. In that case, Pega Platform generates a routing table internally and registers the application as a standard OAuth 2.0 client by issuing authorized access tokens for interactions. Authorized access tokens (AAT) are now the default token format used in Pega Platform for OAuth 2.0.

AATs are self-contained, compact, and digitally signed to be tamperproof. Pega Platform manages AATs with autogenerated claims and a built-in key rotation strategy. Pega Platform uses JSON Web Tokens (JWT) and JSON Web Signature (JWS) standards for managing authorized access tokens. HTTPS is required if the application is marked to use Cosmos React-UI.

The auto-generated OAuth 2.0 client for an application is named PegaAPP_<ApplicationName>, where <ApplicationName> is the name of the application. Pega Platform creates this OAuth 2.0 Client instance automatically when the application is saved.

For more information, refer to the community article Securing Cosmos React-UI applications.

Vulnerability mitigation controls for reactive-UI applications

Built-in vulnerability mitigation controls include:

  • Basic access controls that deny, by default, unregistered inputs such as activities or snap-start URLs.
  • Cross-Site Request Forgery (CSRF) mitigation controls that block Pega Digital Experience (DX) API calls originating from other source domains.
  • Enhanced client-side management with new cache-control headers so that Pega Digital Experience (DX) API URLs are not cached.
  • Out-of-the-box data-level protection with property-level attribute-based access control (ABAC) for the Pega Digital Experience (DX) API.
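The first three controls in the list above share a shape that is easy to see in code: a request is checked against a registry of known routes (deny by default), a state-changing call must carry an Origin from a trusted domain (CSRF mitigation), and every API response is marked uncacheable. The following Python gate is an added illustration of that pattern written for this page; it is not Pega Platform's DX API implementation, and the route paths, the trusted origin and the sample requests are constructed placeholders.

```python
from urllib.parse import urlsplit

# Constructed registry: only (method, path) pairs listed here are reachable.
# Paths are hypothetical and do not represent real DX API endpoints.
REGISTERED_ROUTES = {
    ("GET", "/api/v1/cases"),
    ("POST", "/api/v1/cases"),
    ("GET", "/api/v1/assignments"),
}

# Constructed allowlist of origins permitted to make state-changing calls.
TRUSTED_ORIGINS = {"https://app.example.com"}
STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}

# Headers attached to every API response so browsers and proxies do not cache it.
NO_CACHE_HEADERS = {"Cache-Control": "no-store", "Pragma": "no-cache"}


def _normalize_origin(value: str) -> str:
    """Reduce an Origin/Referer value to scheme://host[:port], lower-cased."""
    parts = urlsplit(value.strip())
    if not parts.scheme or not parts.netloc:
        return ""
    return f"{parts.scheme.lower()}://{parts.netloc.lower()}"


def evaluate_request(method: str, path: str, headers: dict) -> dict:
    """Decide whether a request passes the gate.

    Returns a dict with 'allowed', an HTTP 'status', the response 'headers'
    to emit, and a short 'reason' suitable for an audit log line.
    """
    method = method.upper()
    lowered = {k.lower(): v for k, v in headers.items()}
    response_headers = dict(NO_CACHE_HEADERS)

    # 1. Deny by default: anything not explicitly registered is unreachable.
    if (method, path) not in REGISTERED_ROUTES:
        return {"allowed": False, "status": 404,
                "headers": response_headers, "reason": "unregistered route"}

    # 2. CSRF mitigation: state-changing calls must come from a trusted origin.
    if method in STATE_CHANGING:
        source = lowered.get("origin") or lowered.get("referer") or ""
        origin = _normalize_origin(source)
        if origin not in TRUSTED_ORIGINS:
            return {"allowed": False, "status": 403,
                    "headers": response_headers,
                    "reason": f"origin not trusted: {origin or '<missing>'}"}

    # 3. Allowed; the no-store headers still apply to the response.
    return {"allowed": True, "status": 200,
            "headers": response_headers, "reason": "ok"}


if __name__ == "__main__":
    # Constructed sample requests.
    samples = [
        ("GET", "/api/v1/cases", {}),
        ("POST", "/api/v1/cases", {"Origin": "https://app.example.com"}),
        ("POST", "/api/v1/cases", {"Origin": "https://evil.example.net"}),
        ("POST", "/api/v1/cases", {}),
        ("GET", "/prweb/SomeActivity", {}),
    ]
    for m, p, h in samples:
        print(m, p, evaluate_request(m, p, h))
```

Safe methods are let through without an Origin because a cross-site GET cannot change state under this model; the deny-by-default registry still applies to them, which is why the unregistered activity URL in the sample set is refused before any origin logic runs.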
