Authorization and authentication by application type
PingOne supports several application types. When you make a POST {{apiPath}}/environments/{{envID}}/applications request to define a new application, you must specify the type property that best describes the application. PingOne supports the following application types:
-
A browser-based application with a server-side component, such as ASP, CGI, JSP/Java, Node.js, or Ruby on Rails applications.
-
An application that is installed and run directly on the local operating system, like Java, Objective-C, Swift, or React applications. Native applications are typically intended for native devices.
-
A browser-based application that runs on the front-end with no server-side component, such as Sencha Touch, AngularJS, and React applications. A single-page application runs on the client side after it loads, so it cannot keep a client secret.
-
A web application that does not require user interaction through the web browser, like a command line interface, a service, or a daemon.
-
An administrator application that can interact with platform APIs. Access to platform APIs is determined by the user’s or application’s role assignments.
Authorization flow steps
An authorization grant gives applications the capability to authenticate users and access secure resources. The following steps describe the application authorization flow:
-
The application initiates the authorization flow through a
GETorPOSTrequest to theauthorizeendpoint. -
The authorization service generates the access token for the
implicitgrant. -
For
authorization_codeandclient_credentialsgrants, the application calls the/{{envID}}/as/tokenendpoint to acquire the access token.
For more information about authorization, refer to OpenID Connect/OAuth 2.