PingOne Platform APIs

Set an OIDC Identity Provider to Call a DaVinci Flow

   

POST {{apiPath}}/environments/{{envID}}/identityProviders

Create a new OIDC external identity provider using the POST {{apiPath}}/environments/{{destinationEnvID}}/identityProviders request.

  • In the request body, the following properties must be set:

  • The name property value must be unique to the environment.

  • The clientId specifies the ID of the DaVinci application you created in DaVinci.

  • The clientSecret specifies the DaVinci application’s client secret key.

  • The discoveryEndpoint in the request body is the DaVinci discovery endpoint URL.

  • The authorizationEndpoint is the DaVinci authorize endpoint that includes the DaVinci flow policy ID in the URL.

  • The tokenEndpoint is the DaVinci token endpoint.

See the example request body for the other DaVinci properties.

In this example, the request body to create the OIDC external identity provider includes a registration object that requires a population ID. If you do not have a test population in your environment, refer to Create Populations in the PingOne API Reference to create one.

Headers

Authorization      Bearer {{accessToken}}

Content-Type      application/json

Body

raw ( application/json )

{
    "description": "PingOne DaVinci is a cloud identity orchestration service that acts as an identity provider. It allows end users to authenticate and interact with orchestration flows.",
    "enabled": true,
    "name": "PingOne_DaVinci",
    "type": "OPENID_CONNECT",
    "clientId": "{{davinciAppID}}",
    "clientSecret": "{{davinciAppClientSecret}}",
    "registration":{
      "population":{
         "id":"{{populationID}}"
      }
    },
    "authorizationEndpoint": "https://auth.pingone.com/{{envID}}/davinci/policy/{{policyID}}/authorize",
    "tokenEndpoint": "https://auth.pingone.com/{{envID}}/davinci/token",
    "userInfoEndpoint": "https://auth.pingone.com/{{envID}}/davinci/userinfo",
    "jwksEndpoint": "https://auth.pingone.com/{{envID}}/davinci/jwks",
    "issuer": "https://auth.pingone.com/{{envID}}/davinci",
    "scopes": ["openid", "profile"],
    "tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC",
    "discoveryEndpoint": "https://auth.pingone.com/{{envID}}/davinci/.well-known/openid-configuration",
    "pkceMethod":"NONE"
}

Example Request

  • cURL

  • C#

  • Go

  • HTTP

  • Java

  • jQuery

  • NodeJS

  • Python

  • PHP

  • Ruby

  • Swift

curl --location --globoff '{{apiPath}}/environments/{{envID}}/identityProviders' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer {{accessToken}}' \
--data '{
    "description": "PingOne DaVinci is a cloud identity orchestration service that acts as an identity provider. It allows end users to authenticate and interact with orchestration flows.",
    "enabled": true,
    "name": "PingOne_DaVinci",
    "type": "OPENID_CONNECT",
    "clientId": "{{davinciAppID}}",
    "clientSecret": "{{davinciAppClientSecret}}",
    "registration":{
      "population":{
         "id":"{{populationID}}"
      }
    },
    "authorizationEndpoint": "https://auth.pingone.com/{{envID}}/davinci/policy/{{policyID}}/authorize",
    "tokenEndpoint": "https://auth.pingone.com/{{envID}}/davinci/token",
    "userInfoEndpoint": "https://auth.pingone.com/{{envID}}/davinci/userinfo",
    "jwksEndpoint": "https://auth.pingone.com/{{envID}}/davinci/jwks",
    "issuer": "https://auth.pingone.com/{{envID}}/davinci",
    "scopes": ["openid", "profile"],
    "tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC",
    "discoveryEndpoint": "https://auth.pingone.com/{{envID}}/davinci/.well-known/openid-configuration",
    "pkceMethod":"NONE"
}'
var options = new RestClientOptions("{{apiPath}}/environments/{{envID}}/identityProviders")
{
  MaxTimeout = -1,
};
var client = new RestClient(options);
var request = new RestRequest("", Method.Post);
request.AddHeader("Content-Type", "application/json");
request.AddHeader("Authorization", "Bearer {{accessToken}}");
var body = @"{" + "\n" +
@"    ""description"": ""PingOne DaVinci is a cloud identity orchestration service that acts as an identity provider. It allows end users to authenticate and interact with orchestration flows.""," + "\n" +
@"    ""enabled"": true," + "\n" +
@"    ""name"": ""PingOne_DaVinci""," + "\n" +
@"    ""type"": ""OPENID_CONNECT""," + "\n" +
@"    ""clientId"": ""{{davinciAppID}}""," + "\n" +
@"    ""clientSecret"": ""{{davinciAppClientSecret}}""," + "\n" +
@"    ""registration"":{" + "\n" +
@"      ""population"":{" + "\n" +
@"         ""id"":""{{populationID}}""" + "\n" +
@"      }" + "\n" +
@"    }," + "\n" +
@"    ""authorizationEndpoint"": ""https://auth.pingone.com/{{envID}}/davinci/policy/{{policyID}}/authorize""," + "\n" +
@"    ""tokenEndpoint"": ""https://auth.pingone.com/{{envID}}/davinci/token""," + "\n" +
@"    ""userInfoEndpoint"": ""https://auth.pingone.com/{{envID}}/davinci/userinfo""," + "\n" +
@"    ""jwksEndpoint"": ""https://auth.pingone.com/{{envID}}/davinci/jwks""," + "\n" +
@"    ""issuer"": ""https://auth.pingone.com/{{envID}}/davinci""," + "\n" +
@"    ""scopes"": [""openid"", ""profile""]," + "\n" +
@"    ""tokenEndpointAuthMethod"": ""CLIENT_SECRET_BASIC""," + "\n" +
@"    ""discoveryEndpoint"": ""https://auth.pingone.com/{{envID}}/davinci/.well-known/openid-configuration""," + "\n" +
@"    ""pkceMethod"":""NONE""" + "\n" +
@"}";
request.AddStringBody(body, DataFormat.Json);
RestResponse response = await client.ExecuteAsync(request);
Console.WriteLine(response.Content);
package main

import (
  "fmt"
  "strings"
  "net/http"
  "io"
)

func main() {

  url := "{{apiPath}}/environments/{{envID}}/identityProviders"
  method := "POST"

  payload := strings.NewReader(`{
    "description": "PingOne DaVinci is a cloud identity orchestration service that acts as an identity provider. It allows end users to authenticate and interact with orchestration flows.",
    "enabled": true,
    "name": "PingOne_DaVinci",
    "type": "OPENID_CONNECT",
    "clientId": "{{davinciAppID}}",
    "clientSecret": "{{davinciAppClientSecret}}",
    "registration":{
      "population":{
         "id":"{{populationID}}"
      }
    },
    "authorizationEndpoint": "https://auth.pingone.com/{{envID}}/davinci/policy/{{policyID}}/authorize",
    "tokenEndpoint": "https://auth.pingone.com/{{envID}}/davinci/token",
    "userInfoEndpoint": "https://auth.pingone.com/{{envID}}/davinci/userinfo",
    "jwksEndpoint": "https://auth.pingone.com/{{envID}}/davinci/jwks",
    "issuer": "https://auth.pingone.com/{{envID}}/davinci",
    "scopes": ["openid", "profile"],
    "tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC",
    "discoveryEndpoint": "https://auth.pingone.com/{{envID}}/davinci/.well-known/openid-configuration",
    "pkceMethod":"NONE"
}`)

  client := &http.Client {
  }
  req, err := http.NewRequest(method, url, payload)

  if err != nil {
    fmt.Println(err)
    return
  }
  req.Header.Add("Content-Type", "application/json")
  req.Header.Add("Authorization", "Bearer {{accessToken}}")

  res, err := client.Do(req)
  if err != nil {
    fmt.Println(err)
    return
  }
  defer res.Body.Close()

  body, err := io.ReadAll(res.Body)
  if err != nil {
    fmt.Println(err)
    return
  }
  fmt.Println(string(body))
}
POST /environments/{{envID}}/identityProviders HTTP/1.1
Host: {{apiPath}}
Content-Type: application/json
Authorization: Bearer {{accessToken}}

{
    "description": "PingOne DaVinci is a cloud identity orchestration service that acts as an identity provider. It allows end users to authenticate and interact with orchestration flows.",
    "enabled": true,
    "name": "PingOne_DaVinci",
    "type": "OPENID_CONNECT",
    "clientId": "{{davinciAppID}}",
    "clientSecret": "{{davinciAppClientSecret}}",
    "registration":{
      "population":{
         "id":"{{populationID}}"
      }
    },
    "authorizationEndpoint": "https://auth.pingone.com/{{envID}}/davinci/policy/{{policyID}}/authorize",
    "tokenEndpoint": "https://auth.pingone.com/{{envID}}/davinci/token",
    "userInfoEndpoint": "https://auth.pingone.com/{{envID}}/davinci/userinfo",
    "jwksEndpoint": "https://auth.pingone.com/{{envID}}/davinci/jwks",
    "issuer": "https://auth.pingone.com/{{envID}}/davinci",
    "scopes": ["openid", "profile"],
    "tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC",
    "discoveryEndpoint": "https://auth.pingone.com/{{envID}}/davinci/.well-known/openid-configuration",
    "pkceMethod":"NONE"
}
OkHttpClient client = new OkHttpClient().newBuilder()
  .build();
MediaType mediaType = MediaType.parse("application/json");
RequestBody body = RequestBody.create(mediaType, "{\n    \"description\": \"PingOne DaVinci is a cloud identity orchestration service that acts as an identity provider. It allows end users to authenticate and interact with orchestration flows.\",\n    \"enabled\": true,\n    \"name\": \"PingOne_DaVinci\",\n    \"type\": \"OPENID_CONNECT\",\n    \"clientId\": \"{{davinciAppID}}\",\n    \"clientSecret\": \"{{davinciAppClientSecret}}\",\n    \"registration\":{\n      \"population\":{\n         \"id\":\"{{populationID}}\"\n      }\n    },\n    \"authorizationEndpoint\": \"https://auth.pingone.com/{{envID}}/davinci/policy/{{policyID}}/authorize\",\n    \"tokenEndpoint\": \"https://auth.pingone.com/{{envID}}/davinci/token\",\n    \"userInfoEndpoint\": \"https://auth.pingone.com/{{envID}}/davinci/userinfo\",\n    \"jwksEndpoint\": \"https://auth.pingone.com/{{envID}}/davinci/jwks\",\n    \"issuer\": \"https://auth.pingone.com/{{envID}}/davinci\",\n    \"scopes\": [\"openid\", \"profile\"],\n    \"tokenEndpointAuthMethod\": \"CLIENT_SECRET_BASIC\",\n    \"discoveryEndpoint\": \"https://auth.pingone.com/{{envID}}/davinci/.well-known/openid-configuration\",\n    \"pkceMethod\":\"NONE\"\n}");
Request request = new Request.Builder()
  .url("{{apiPath}}/environments/{{envID}}/identityProviders")
  .method("POST", body)
  .addHeader("Content-Type", "application/json")
  .addHeader("Authorization", "Bearer {{accessToken}}")
  .build();
Response response = client.newCall(request).execute();
var settings = {
  "url": "{{apiPath}}/environments/{{envID}}/identityProviders",
  "method": "POST",
  "timeout": 0,
  "headers": {
    "Content-Type": "application/json",
    "Authorization": "Bearer {{accessToken}}"
  },
  "data": JSON.stringify({
    "description": "PingOne DaVinci is a cloud identity orchestration service that acts as an identity provider. It allows end users to authenticate and interact with orchestration flows.",
    "enabled": true,
    "name": "PingOne_DaVinci",
    "type": "OPENID_CONNECT",
    "clientId": "{{davinciAppID}}",
    "clientSecret": "{{davinciAppClientSecret}}",
    "registration": {
      "population": {
        "id": "{{populationID}}"
      }
    },
    "authorizationEndpoint": "https://auth.pingone.com/{{envID}}/davinci/policy/{{policyID}}/authorize",
    "tokenEndpoint": "https://auth.pingone.com/{{envID}}/davinci/token",
    "userInfoEndpoint": "https://auth.pingone.com/{{envID}}/davinci/userinfo",
    "jwksEndpoint": "https://auth.pingone.com/{{envID}}/davinci/jwks",
    "issuer": "https://auth.pingone.com/{{envID}}/davinci",
    "scopes": [
      "openid",
      "profile"
    ],
    "tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC",
    "discoveryEndpoint": "https://auth.pingone.com/{{envID}}/davinci/.well-known/openid-configuration",
    "pkceMethod": "NONE"
  }),
};

$.ajax(settings).done(function (response) {
  console.log(response);
});
var request = require('request');
var options = {
  'method': 'POST',
  'url': '{{apiPath}}/environments/{{envID}}/identityProviders',
  'headers': {
    'Content-Type': 'application/json',
    'Authorization': 'Bearer {{accessToken}}'
  },
  body: JSON.stringify({
    "description": "PingOne DaVinci is a cloud identity orchestration service that acts as an identity provider. It allows end users to authenticate and interact with orchestration flows.",
    "enabled": true,
    "name": "PingOne_DaVinci",
    "type": "OPENID_CONNECT",
    "clientId": "{{davinciAppID}}",
    "clientSecret": "{{davinciAppClientSecret}}",
    "registration": {
      "population": {
        "id": "{{populationID}}"
      }
    },
    "authorizationEndpoint": "https://auth.pingone.com/{{envID}}/davinci/policy/{{policyID}}/authorize",
    "tokenEndpoint": "https://auth.pingone.com/{{envID}}/davinci/token",
    "userInfoEndpoint": "https://auth.pingone.com/{{envID}}/davinci/userinfo",
    "jwksEndpoint": "https://auth.pingone.com/{{envID}}/davinci/jwks",
    "issuer": "https://auth.pingone.com/{{envID}}/davinci",
    "scopes": [
      "openid",
      "profile"
    ],
    "tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC",
    "discoveryEndpoint": "https://auth.pingone.com/{{envID}}/davinci/.well-known/openid-configuration",
    "pkceMethod": "NONE"
  })

};
request(options, function (error, response) {
  if (error) throw new Error(error);
  console.log(response.body);
});
import requests
import json

url = "{{apiPath}}/environments/{{envID}}/identityProviders"

payload = json.dumps({
  "description": "PingOne DaVinci is a cloud identity orchestration service that acts as an identity provider. It allows end users to authenticate and interact with orchestration flows.",
  "enabled": True,
  "name": "PingOne_DaVinci",
  "type": "OPENID_CONNECT",
  "clientId": "{{davinciAppID}}",
  "clientSecret": "{{davinciAppClientSecret}}",
  "registration": {
    "population": {
      "id": "{{populationID}}"
    }
  },
  "authorizationEndpoint": "https://auth.pingone.com/{{envID}}/davinci/policy/{{policyID}}/authorize",
  "tokenEndpoint": "https://auth.pingone.com/{{envID}}/davinci/token",
  "userInfoEndpoint": "https://auth.pingone.com/{{envID}}/davinci/userinfo",
  "jwksEndpoint": "https://auth.pingone.com/{{envID}}/davinci/jwks",
  "issuer": "https://auth.pingone.com/{{envID}}/davinci",
  "scopes": [
    "openid",
    "profile"
  ],
  "tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC",
  "discoveryEndpoint": "https://auth.pingone.com/{{envID}}/davinci/.well-known/openid-configuration",
  "pkceMethod": "NONE"
})
headers = {
  'Content-Type': 'application/json',
  'Authorization': 'Bearer {{accessToken}}'
}

response = requests.request("POST", url, headers=headers, data=payload)

print(response.text)
<?php
require_once 'HTTP/Request2.php';
$request = new HTTP_Request2();
$request->setUrl('{{apiPath}}/environments/{{envID}}/identityProviders');
$request->setMethod(HTTP_Request2::METHOD_POST);
$request->setConfig(array(
  'follow_redirects' => TRUE
));
$request->setHeader(array(
  'Content-Type' => 'application/json',
  'Authorization' => 'Bearer {{accessToken}}'
));
$request->setBody('{\n    "description": "PingOne DaVinci is a cloud identity orchestration service that acts as an identity provider. It allows end users to authenticate and interact with orchestration flows.",\n    "enabled": true,\n    "name": "PingOne_DaVinci",\n    "type": "OPENID_CONNECT",\n    "clientId": "{{davinciAppID}}",\n    "clientSecret": "{{davinciAppClientSecret}}",\n    "registration":{\n      "population":{\n         "id":"{{populationID}}"\n      }\n    },\n    "authorizationEndpoint": "https://auth.pingone.com/{{envID}}/davinci/policy/{{policyID}}/authorize",\n    "tokenEndpoint": "https://auth.pingone.com/{{envID}}/davinci/token",\n    "userInfoEndpoint": "https://auth.pingone.com/{{envID}}/davinci/userinfo",\n    "jwksEndpoint": "https://auth.pingone.com/{{envID}}/davinci/jwks",\n    "issuer": "https://auth.pingone.com/{{envID}}/davinci",\n    "scopes": ["openid", "profile"],\n    "tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC",\n    "discoveryEndpoint": "https://auth.pingone.com/{{envID}}/davinci/.well-known/openid-configuration",\n    "pkceMethod":"NONE"\n}');
try {
  $response = $request->send();
  if ($response->getStatus() == 200) {
    echo $response->getBody();
  }
  else {
    echo 'Unexpected HTTP status: ' . $response->getStatus() . ' ' .
    $response->getReasonPhrase();
  }
}
catch(HTTP_Request2_Exception $e) {
  echo 'Error: ' . $e->getMessage();
}
require "uri"
require "json"
require "net/http"

url = URI("{{apiPath}}/environments/{{envID}}/identityProviders")

http = Net::HTTP.new(url.host, url.port);
request = Net::HTTP::Post.new(url)
request["Content-Type"] = "application/json"
request["Authorization"] = "Bearer {{accessToken}}"
request.body = JSON.dump({
  "description": "PingOne DaVinci is a cloud identity orchestration service that acts as an identity provider. It allows end users to authenticate and interact with orchestration flows.",
  "enabled": true,
  "name": "PingOne_DaVinci",
  "type": "OPENID_CONNECT",
  "clientId": "{{davinciAppID}}",
  "clientSecret": "{{davinciAppClientSecret}}",
  "registration": {
    "population": {
      "id": "{{populationID}}"
    }
  },
  "authorizationEndpoint": "https://auth.pingone.com/{{envID}}/davinci/policy/{{policyID}}/authorize",
  "tokenEndpoint": "https://auth.pingone.com/{{envID}}/davinci/token",
  "userInfoEndpoint": "https://auth.pingone.com/{{envID}}/davinci/userinfo",
  "jwksEndpoint": "https://auth.pingone.com/{{envID}}/davinci/jwks",
  "issuer": "https://auth.pingone.com/{{envID}}/davinci",
  "scopes": [
    "openid",
    "profile"
  ],
  "tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC",
  "discoveryEndpoint": "https://auth.pingone.com/{{envID}}/davinci/.well-known/openid-configuration",
  "pkceMethod": "NONE"
})

response = http.request(request)
puts response.read_body
let parameters = "{\n    \"description\": \"PingOne DaVinci is a cloud identity orchestration service that acts as an identity provider. It allows end users to authenticate and interact with orchestration flows.\",\n    \"enabled\": true,\n    \"name\": \"PingOne_DaVinci\",\n    \"type\": \"OPENID_CONNECT\",\n    \"clientId\": \"{{davinciAppID}}\",\n    \"clientSecret\": \"{{davinciAppClientSecret}}\",\n    \"registration\":{\n      \"population\":{\n         \"id\":\"{{populationID}}\"\n      }\n    },\n    \"authorizationEndpoint\": \"https://auth.pingone.com/{{envID}}/davinci/policy/{{policyID}}/authorize\",\n    \"tokenEndpoint\": \"https://auth.pingone.com/{{envID}}/davinci/token\",\n    \"userInfoEndpoint\": \"https://auth.pingone.com/{{envID}}/davinci/userinfo\",\n    \"jwksEndpoint\": \"https://auth.pingone.com/{{envID}}/davinci/jwks\",\n    \"issuer\": \"https://auth.pingone.com/{{envID}}/davinci\",\n    \"scopes\": [\"openid\", \"profile\"],\n    \"tokenEndpointAuthMethod\": \"CLIENT_SECRET_BASIC\",\n    \"discoveryEndpoint\": \"https://auth.pingone.com/{{envID}}/davinci/.well-known/openid-configuration\",\n    \"pkceMethod\":\"NONE\"\n}"
let postData = parameters.data(using: .utf8)

var request = URLRequest(url: URL(string: "{{apiPath}}/environments/{{envID}}/identityProviders")!,timeoutInterval: Double.infinity)
request.addValue("application/json", forHTTPHeaderField: "Content-Type")
request.addValue("Bearer {{accessToken}}", forHTTPHeaderField: "Authorization")

request.httpMethod = "POST"
request.httpBody = postData

let task = URLSession.shared.dataTask(with: request) { data, response, error in
  guard let data = data else {
    print(String(describing: error))
    return
  }
  print(String(data: data, encoding: .utf8)!)
}

task.resume()

Example Response

201 Created

{
    "_links": {
        "self": {
            "href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/identityProviders/1525ce95-e070-4e37-aa6e-dca1a715ffb7"
        },
        "environment": {
            "href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6"
        },
        "attributes": {
            "href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/identityProviders/1525ce95-e070-4e37-aa6e-dca1a715ffb7/attributes"
        }
    },
    "id": "1525ce95-e070-4e37-aa6e-dca1a715ffb7",
    "type": "OPENID_CONNECT",
    "name": "PingOne_DaVinci",
    "description": "PingOne DaVinci is a cloud identity orchestration service that acts as an identity provider. It allows end users to authenticate and interact with orchestration flows.",
    "enabled": true,
    "environment": {
        "id": "abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6"
    },
    "createdAt": "2025-10-22T22:15:39.125Z",
    "updatedAt": "2025-10-22T22:15:39.125Z",
    "tokenEndpoint": "https://auth.pingone.com/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/davinci/token",
    "clientId": "ead0e6c01349d0653d33a1267ebb9c56",
    "jwksEndpoint": "https://auth.pingone.com/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/davinci/jwks",
    "tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC",
    "clientSecret": "a9e8e8b6cb0208f71c0f11d51155fd49e75aea4b3f5750b01469569a54c9a753",
    "discoveryEndpoint": "https://auth.pingone.com/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/davinci/.well-known/openid-configuration",
    "scopes": [
        "openid",
        "profile"
    ],
    "userInfoEndpoint": "https://auth.pingone.com/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/davinci/userinfo",
    "authorizationEndpoint": "https://auth.pingone.com/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/davinci/policy/814a0fa8fcf669a2eb96953a1b108a3/authorize",
    "issuer": "https://auth.pingone.com/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/davinci",
    "pkceMethod": "NONE"
}