Great video . I have a confusion here please resolve this . When pega is client , and when to create oauth profile , and when this client registration comes into picture ?

If you give a video on how to pass , password via dynamic reference it will be helpful

Awesome content 👍. In oauth, we should make two calls, one to get the token with the client I'd and secret and other is to make the actual service call with the token. If pega is oauth client, then we can create the auth profile of type oauth and configure the client I'd and secret that we got from the oauth service provider. Though pega is making a call to get the token, it's all buried inside the engine code. As an end user, we could see that we are hitting the resource url and getting the data. Here, we could see that using the postman we are making the two calls one for token and other for service. Could you please make a video that in real-time how client ( actual system which treats pega as service provider) is making the token call and the service call. I think token call is not needed for every time till it is expired. How the client knows that the token is expired?

Hello, thanks for the content, it's really useful! However, I keep running into an "invalid_client" error. Do you know what the possible cause of this may be? The error message says the response must include a WWW-Authenticate header but I have added the Content-Type = application/x-www-form-urlencoded.