Pega DX MCP Server

authenticate_pega

Authenticate with Pega Infinity server using OAuth2 credentials or access tokens to enable API calls through the Pega DX MCP Server.

Instructions

Authenticate with Pega Infinity server using OAuth2 client credentials or direct access token. Stores the authentication token in session for use by other tools. This tool should be used before making API calls when you want to explicitly manage authentication.

Input Schema

TableJSON Schema

Name	Required	Description	Default
`sessionCredentials`	No	Optional session-specific credentials. If not provided, uses environment variables. Supports two authentication modes: (1) OAuth mode - provide baseUrl, clientId, and clientSecret, or (2) Token mode - provide baseUrl and accessToken.

Implementation Reference

src/tools/services/authenticate.js:15-27 (registration)

Tool definition including name 'authenticate_pega', description, and inputSchema for registration in MCP protocol.

static getDefinition() {
  return {
    name: 'authenticate_pega',
    description: 'Authenticate with Pega Infinity server using OAuth2 client credentials or direct access token. Stores the authentication token in session for use by other tools. This tool should be used before making API calls when you want to explicitly manage authentication.',
    inputSchema: {
      type: 'object',
      properties: {
        sessionCredentials: getSessionCredentialsSchema()
      },
      required: []
    }
  };
}

src/tools/services/authenticate.js:32-64 (handler)

Main handler function that orchestrates authentication process: initializes session, authenticates via helper, handles success/error, and returns formatted response.

async execute(params) {
  let sessionInfo = null;

  try {
    // Initialize session configuration if provided
    sessionInfo = this.initializeSessionConfig(params);

    // Perform authentication
    const result = await this.authenticateAndStore();

    if (result.success) {
      return {
        content: [
          {
            type: 'text',
            text: this.formatAuthenticationResponse(result.data, sessionInfo)
          }
        ]
      };
    } else {
      return this.createResponse(false, 'Authenticate Pega', result.error);
    }
  } catch (error) {
    return {
      content: [
        {
          type: 'text',
          text: `## Error: Authenticate Pega\n\n**Unexpected Error**: ${error.message}\n\n${sessionInfo ? `**Session**: ${sessionInfo.sessionId} (${sessionInfo.authMode} mode)\n` : ''}*Error occurred at: ${new Date().toISOString()}*`
        }
      ]
    };
  }
}

src/tools/services/authenticate.js:70-144 (helper)

Core helper performing the actual OAuth2 authentication, token retrieval/storage, expiry calculation, configuration gathering, and detailed error handling.

async authenticateAndStore() {
  const startTime = Date.now();

  try {
    // Get OAuth2 client from PegaClient
    const oauth2Client = this.pegaClient.client.oauth2Client;

    // Attempt to get or fetch access token
    const token = await oauth2Client.getAccessToken();

    const duration = Date.now() - startTime;

    // Get token info (without exposing actual token)
    const tokenInfo = oauth2Client.getTokenInfo();

    // Calculate expiry time
    const expiresInSeconds = tokenInfo.tokenExpiry
      ? Math.round((tokenInfo.tokenExpiry - Date.now()) / 1000)
      : 0;

    return {
      success: true,
      data: {
        timestamp: new Date().toISOString(),
        duration: `${duration}ms`,
        sessionId: oauth2Client.cacheKey,
        authMode: oauth2Client.authMode,
        tokenInfo: {
          type: 'Bearer',
          length: token ? token.length : 0,
          prefix: token ? token.substring(0, 10) + '...' : 'None',
          acquired: !!token,
          cached: !!oauth2Client.accessToken,
          expiresIn: expiresInSeconds,
          expiresAt: tokenInfo.tokenExpiry ? new Date(tokenInfo.tokenExpiry).toISOString() : null
        },
        configuration: {
          baseUrl: this.pegaClient.client.config.pega.baseUrl,
          apiVersion: this.pegaClient.getApiVersion(),
          tokenUrl: oauth2Client.authMode === 'oauth'
            ? this.pegaClient.client.config.pega.tokenUrl
            : 'Direct Token',
          configSource: tokenInfo.configSource
        }
      }
    };
  } catch (error) {
    const duration = Date.now() - startTime;
    const oauth2Client = this.pegaClient.client.oauth2Client;

    return {
      success: false,
      error: {
        type: 'AUTHENTICATION_ERROR',
        message: `${oauth2Client.authMode.toUpperCase()} authentication failed`,
        details: error.message,
        timestamp: new Date().toISOString(),
        duration: `${duration}ms`,
        authMode: oauth2Client.authMode,
        troubleshooting: oauth2Client.authMode === 'oauth' ? [
          'Verify baseUrl is correct and accessible',
          'Check clientId and clientSecret are valid',
          'Ensure OAuth2 client is configured in Pega Infinity',
          'Verify network connectivity to Pega instance',
          'Check that the OAuth2 client has appropriate permissions'
        ] : [
          'Verify the provided access token is valid',
          'Check if the token has expired',
          'Ensure the token has appropriate permissions',
          'Verify network connectivity to Pega instance'
        ]
      }
    };
  }
}

src/tools/services/authenticate.js:152-196 (helper)

Helper function to format the detailed success response in markdown, including session, config, token info, and next steps.

formatAuthenticationResponse(data, sessionInfo = null) {
  let response = `## Authenticate Pega\n\n`;
  response += `✅ **Authentication Successful**\n\n`;
  response += `*Completed at: ${data.timestamp}*\n`;
  response += `*Duration: ${data.duration}*\n\n`;

  // Session Information
  response += `### Session Information\n`;
  response += `- **Session ID**: ${data.sessionId}\n`;
  response += `- **Authentication Mode**: ${data.authMode.toUpperCase()}\n`;
  response += `- **Configuration Source**: ${data.configuration.configSource}\n`;
  response += '\n';

  // Configuration Section
  response += `### Configuration\n`;
  response += `- **Base URL**: ${data.configuration.baseUrl}\n`;
  response += `- **API Version**: ${data.configuration.apiVersion}\n`;
  response += `- **Token URL**: ${data.configuration.tokenUrl}\n`;
  response += '\n';

  // Token Information Section
  response += `### Token Information\n`;
  response += `- **Type**: ${data.tokenInfo.type}\n`;
  response += `- **Length**: ${data.tokenInfo.length} characters\n`;
  response += `- **Prefix**: ${data.tokenInfo.prefix}\n`;
  response += `- **Acquired**: ${data.tokenInfo.acquired ? 'Yes' : 'No'}\n`;
  response += `- **Cached**: ${data.tokenInfo.cached ? 'Yes' : 'No'}\n`;
  if (data.tokenInfo.expiresIn > 0) {
    response += `- **Expires In**: ${data.tokenInfo.expiresIn} seconds (${Math.round(data.tokenInfo.expiresIn / 60)} minutes)\n`;
    response += `- **Expires At**: ${data.tokenInfo.expiresAt}\n`;
  }
  response += '\n';

  // Usage Instructions
  response += `### Next Steps\n`;
  response += `The authentication token has been stored in the session cache. You can now:\n`;
  response += `- Use other Pega tools without re-authenticating\n`;
  response += `- Test connectivity with the \`ping_pega_service\` tool\n`;
  if (sessionInfo) {
    response += `- Reference this session using sessionId: \`${data.sessionId}\`\n`;
  }
  response += '\n';

  return response;
}

Tool Definition Quality

A4.1/5.0

Behavior3/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

With no annotations provided, the description carries the full burden of behavioral disclosure. It clearly states the tool performs authentication and stores tokens in session, which is good. However, it doesn't mention important behavioral aspects like error handling, token refresh mechanisms, session management details, or what happens if authentication fails. For a critical authentication tool with zero annotation coverage, this leaves significant gaps.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness5/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is perfectly concise with two sentences that each serve a distinct purpose: the first explains what the tool does, and the second provides usage guidance. There's no wasted language, and the information is front-loaded with the core functionality stated immediately.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness3/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

For an authentication tool with no annotations and no output schema, the description provides adequate basic information about purpose and usage. However, it lacks details about what happens after authentication (e.g., how other tools access the stored token), error scenarios, or authentication persistence. Given the critical nature of authentication in this toolset, more comprehensive guidance would be beneficial.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters3/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

The input schema has 100% description coverage, providing detailed documentation for all parameters and authentication modes. The description mentions the two authentication modes (OAuth2 and token) but doesn't add meaningful semantic context beyond what's already in the schema. With complete schema coverage, the baseline score of 3 is appropriate.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose5/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the specific action ('Authenticate with Pega Infinity server'), the authentication methods ('using OAuth2 client credentials or direct access token'), and the outcome ('Stores the authentication token in session for use by other tools'). It distinguishes itself from sibling tools which all appear to be data operations rather than authentication setup.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines5/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description explicitly states when to use this tool ('This tool should be used before making API calls when you want to explicitly manage authentication'), providing clear guidance on its prerequisite role. It doesn't specify alternatives, but given the context of sibling tools that all require authentication, this guidance is comprehensive.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Other Tools

Latest Blog Posts

Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security
Open Source Has a Bot Problem
By punkpeye on March 19, 2026.
open source

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/marco-looy/pega-dx-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server