PingOne Platform APIs

Create Application (OIDC Protocol - PingFederate Worker App)

   

POST {{apiPath}}/environments/{{envID}}/applications

The POST {{apiPath}}/environments/{{envID}}/applications operation adds a new PingFederate worker application resource to the specified environment. PingOne MFA can integrate with third party identity providers, including PingFederate. The PingFederate connection in PingOne MFA is actually a worker application connection that specifies the tags property with the property value set to PING_FED_CONNECTION_INTEGRATION.

The request body can specify a value of "true" for the enabled attribute. If a value is not specified for the enabled attribute, it is set to false by default.

Prerequisites

Query parameters
Parameter Description

expand

Shows additional information in the _embedded resource list. Optional value is attributes.
Request Model

Base application data model (worker application)

Refer to Applications base data model for complete descriptions.

Property Required? Type

assignActorRoles

Optional

Boolean

accessControl.role.type

Optional

String

accessControl.group.type

Optional

String

accessControl.group.groups

Optional

Array

accessControl.group.groups.id

Optional

UUID

description

Optional

String

enabled

Required

Boolean

homePageUrl

Optional

URL

loginPageUrl

Optional

URL

icon.id

Optional

UUID

icon.href

Optional

URL

name

Required

String

protocol

Required

String

tags

Optional

Array

type

Required

String

Additional OIDC settings

Refer to Applications OIDC settings data model for complete descriptions.

If you set the protocol attribute to OPENID_CONNECT, you must provide values for the required OIDC settings. Optional settings can be omitted.

Property Required? Type

additionalRefreshTokenReplayProtectionEnabled

Optional

Boolean

grantTypes

Optional

String

jwks

String

Optional

jwksUrl

String

Optional

pkceEnforcement

Optional

String

postLogoutRedirectUris

Required

URL

redirectUris

Required

URL

refreshTokenDuration

Optional

Integer

refreshTokenRollingDuration

Optional

Integer

requireSignedRequestObject

Optional

Boolean

responseTypes

Required

String

signing

Optional

Object

signing.keyRotationPolicy

Required

Object

signing.keyRotationPolicy.id

Required

String

supportUnsignedRequestObject

Optional

Boolean

tokenEndpointAuthMethod

Required

String

Headers

Authorization      Bearer {{accessToken}}

Content-Type      application/json

Body

raw ( application/json )

{
    "enabled": true,
    "name": "PingFed WORKER-App2",
    "description": "Test Description - PingFederate Worker App",
    "type": "WORKER",
    "protocol": "OPENID_CONNECT",
    "homePageUrl": "https://example.com/homePage",
    "loginPageUrl": "https://example.com/loginPage",
    "icon": {
        "id": "{{imageID}}",
        "href": "https://upload.image.org/image.jpg"
    },
    "tags": [
        "PING_FED_CONNECTION_INTEGRATION"
    ],
    "grantTypes": [
        "CLIENT_CREDENTIALS"
    ],
    "postLogoutRedirectUris": [
        "https://example.com/logout"
    ],
    "redirectUris": [
        "https://example.com"
    ],
    "tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC",
    "pkceEnforcement": "OPTIONAL",
    "refreshTokenDuration": 86400,
    "refreshTokenRollingDuration": 86400
}

Example Request

  • cURL

  • C#

  • Go

  • HTTP

  • Java

  • jQuery

  • NodeJS

  • Python

  • PHP

  • Ruby

  • Swift

curl --location --globoff '{{apiPath}}/environments/{{envID}}/applications' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer {{accessToken}}' \
--data '{
    "enabled": true,
    "name": "PingFed WORKER-App2",
    "description": "Test Description - PingFederate Worker App",
    "type": "WORKER",
    "protocol": "OPENID_CONNECT",
    "homePageUrl": "https://example.com/homePage",
    "loginPageUrl": "https://example.com/loginPage",
    "icon": {
        "id": "{{imageID}}",
        "href": "https://upload.image.org/image.jpg"
    },
    "tags": [
        "PING_FED_CONNECTION_INTEGRATION"
    ],
    "grantTypes": [
        "CLIENT_CREDENTIALS"
    ],
    "postLogoutRedirectUris": [
        "https://example.com/logout"
    ],
    "redirectUris": [
        "https://example.com"
    ],
    "tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC",
    "pkceEnforcement": "OPTIONAL",
    "refreshTokenDuration": 86400,
    "refreshTokenRollingDuration": 86400
}'
var options = new RestClientOptions("{{apiPath}}/environments/{{envID}}/applications")
{
  MaxTimeout = -1,
};
var client = new RestClient(options);
var request = new RestRequest("", Method.Post);
request.AddHeader("Content-Type", "application/json");
request.AddHeader("Authorization", "Bearer {{accessToken}}");
var body = @"{" + "\n" +
@"    ""enabled"": true," + "\n" +
@"    ""name"": ""PingFed WORKER-App2""," + "\n" +
@"    ""description"": ""Test Description - PingFederate Worker App""," + "\n" +
@"    ""type"": ""WORKER""," + "\n" +
@"    ""protocol"": ""OPENID_CONNECT""," + "\n" +
@"    ""homePageUrl"": ""https://example.com/homePage""," + "\n" +
@"    ""loginPageUrl"": ""https://example.com/loginPage""," + "\n" +
@"    ""icon"": {" + "\n" +
@"        ""id"": ""{{imageID}}""," + "\n" +
@"        ""href"": ""https://upload.image.org/image.jpg""" + "\n" +
@"    }," + "\n" +
@"    ""tags"": [" + "\n" +
@"        ""PING_FED_CONNECTION_INTEGRATION""" + "\n" +
@"    ]," + "\n" +
@"    ""grantTypes"": [" + "\n" +
@"        ""CLIENT_CREDENTIALS""" + "\n" +
@"    ]," + "\n" +
@"    ""postLogoutRedirectUris"": [" + "\n" +
@"        ""https://example.com/logout""" + "\n" +
@"    ]," + "\n" +
@"    ""redirectUris"": [" + "\n" +
@"        ""https://example.com""" + "\n" +
@"    ]," + "\n" +
@"    ""tokenEndpointAuthMethod"": ""CLIENT_SECRET_BASIC""," + "\n" +
@"    ""pkceEnforcement"": ""OPTIONAL""," + "\n" +
@"    ""refreshTokenDuration"": 86400," + "\n" +
@"    ""refreshTokenRollingDuration"": 86400" + "\n" +
@"}";
request.AddStringBody(body, DataFormat.Json);
RestResponse response = await client.ExecuteAsync(request);
Console.WriteLine(response.Content);
package main

import (
  "fmt"
  "strings"
  "net/http"
  "io"
)

func main() {

  url := "{{apiPath}}/environments/{{envID}}/applications"
  method := "POST"

  payload := strings.NewReader(`{
    "enabled": true,
    "name": "PingFed WORKER-App2",
    "description": "Test Description - PingFederate Worker App",
    "type": "WORKER",
    "protocol": "OPENID_CONNECT",
    "homePageUrl": "https://example.com/homePage",
    "loginPageUrl": "https://example.com/loginPage",
    "icon": {
        "id": "{{imageID}}",
        "href": "https://upload.image.org/image.jpg"
    },
    "tags": [
        "PING_FED_CONNECTION_INTEGRATION"
    ],
    "grantTypes": [
        "CLIENT_CREDENTIALS"
    ],
    "postLogoutRedirectUris": [
        "https://example.com/logout"
    ],
    "redirectUris": [
        "https://example.com"
    ],
    "tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC",
    "pkceEnforcement": "OPTIONAL",
    "refreshTokenDuration": 86400,
    "refreshTokenRollingDuration": 86400
}`)

  client := &http.Client {
  }
  req, err := http.NewRequest(method, url, payload)

  if err != nil {
    fmt.Println(err)
    return
  }
  req.Header.Add("Content-Type", "application/json")
  req.Header.Add("Authorization", "Bearer {{accessToken}}")

  res, err := client.Do(req)
  if err != nil {
    fmt.Println(err)
    return
  }
  defer res.Body.Close()

  body, err := io.ReadAll(res.Body)
  if err != nil {
    fmt.Println(err)
    return
  }
  fmt.Println(string(body))
}
POST /environments/{{envID}}/applications HTTP/1.1
Host: {{apiPath}}
Content-Type: application/json
Authorization: Bearer {{accessToken}}

{
    "enabled": true,
    "name": "PingFed WORKER-App2",
    "description": "Test Description - PingFederate Worker App",
    "type": "WORKER",
    "protocol": "OPENID_CONNECT",
    "homePageUrl": "https://example.com/homePage",
    "loginPageUrl": "https://example.com/loginPage",
    "icon": {
        "id": "{{imageID}}",
        "href": "https://upload.image.org/image.jpg"
    },
    "tags": [
        "PING_FED_CONNECTION_INTEGRATION"
    ],
    "grantTypes": [
        "CLIENT_CREDENTIALS"
    ],
    "postLogoutRedirectUris": [
        "https://example.com/logout"
    ],
    "redirectUris": [
        "https://example.com"
    ],
    "tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC",
    "pkceEnforcement": "OPTIONAL",
    "refreshTokenDuration": 86400,
    "refreshTokenRollingDuration": 86400
}
OkHttpClient client = new OkHttpClient().newBuilder()
  .build();
MediaType mediaType = MediaType.parse("application/json");
RequestBody body = RequestBody.create(mediaType, "{\n    \"enabled\": true,\n    \"name\": \"PingFed WORKER-App2\",\n    \"description\": \"Test Description - PingFederate Worker App\",\n    \"type\": \"WORKER\",\n    \"protocol\": \"OPENID_CONNECT\",\n    \"homePageUrl\": \"https://example.com/homePage\",\n    \"loginPageUrl\": \"https://example.com/loginPage\",\n    \"icon\": {\n        \"id\": \"{{imageID}}\",\n        \"href\": \"https://upload.image.org/image.jpg\"\n    },\n    \"tags\": [\n        \"PING_FED_CONNECTION_INTEGRATION\"\n    ],\n    \"grantTypes\": [\n        \"CLIENT_CREDENTIALS\"\n    ],\n    \"postLogoutRedirectUris\": [\n        \"https://example.com/logout\"\n    ],\n    \"redirectUris\": [\n        \"https://example.com\"\n    ],\n    \"tokenEndpointAuthMethod\": \"CLIENT_SECRET_BASIC\",\n    \"pkceEnforcement\": \"OPTIONAL\",\n    \"refreshTokenDuration\": 86400,\n    \"refreshTokenRollingDuration\": 86400\n}");
Request request = new Request.Builder()
  .url("{{apiPath}}/environments/{{envID}}/applications")
  .method("POST", body)
  .addHeader("Content-Type", "application/json")
  .addHeader("Authorization", "Bearer {{accessToken}}")
  .build();
Response response = client.newCall(request).execute();
var settings = {
  "url": "{{apiPath}}/environments/{{envID}}/applications",
  "method": "POST",
  "timeout": 0,
  "headers": {
    "Content-Type": "application/json",
    "Authorization": "Bearer {{accessToken}}"
  },
  "data": JSON.stringify({
    "enabled": true,
    "name": "PingFed WORKER-App2",
    "description": "Test Description - PingFederate Worker App",
    "type": "WORKER",
    "protocol": "OPENID_CONNECT",
    "homePageUrl": "https://example.com/homePage",
    "loginPageUrl": "https://example.com/loginPage",
    "icon": {
      "id": "{{imageID}}",
      "href": "https://upload.image.org/image.jpg"
    },
    "tags": [
      "PING_FED_CONNECTION_INTEGRATION"
    ],
    "grantTypes": [
      "CLIENT_CREDENTIALS"
    ],
    "postLogoutRedirectUris": [
      "https://example.com/logout"
    ],
    "redirectUris": [
      "https://example.com"
    ],
    "tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC",
    "pkceEnforcement": "OPTIONAL",
    "refreshTokenDuration": 86400,
    "refreshTokenRollingDuration": 86400
  }),
};

$.ajax(settings).done(function (response) {
  console.log(response);
});
var request = require('request');
var options = {
  'method': 'POST',
  'url': '{{apiPath}}/environments/{{envID}}/applications',
  'headers': {
    'Content-Type': 'application/json',
    'Authorization': 'Bearer {{accessToken}}'
  },
  body: JSON.stringify({
    "enabled": true,
    "name": "PingFed WORKER-App2",
    "description": "Test Description - PingFederate Worker App",
    "type": "WORKER",
    "protocol": "OPENID_CONNECT",
    "homePageUrl": "https://example.com/homePage",
    "loginPageUrl": "https://example.com/loginPage",
    "icon": {
      "id": "{{imageID}}",
      "href": "https://upload.image.org/image.jpg"
    },
    "tags": [
      "PING_FED_CONNECTION_INTEGRATION"
    ],
    "grantTypes": [
      "CLIENT_CREDENTIALS"
    ],
    "postLogoutRedirectUris": [
      "https://example.com/logout"
    ],
    "redirectUris": [
      "https://example.com"
    ],
    "tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC",
    "pkceEnforcement": "OPTIONAL",
    "refreshTokenDuration": 86400,
    "refreshTokenRollingDuration": 86400
  })

};
request(options, function (error, response) {
  if (error) throw new Error(error);
  console.log(response.body);
});
import requests
import json

url = "{{apiPath}}/environments/{{envID}}/applications"

payload = json.dumps({
  "enabled": True,
  "name": "PingFed WORKER-App2",
  "description": "Test Description - PingFederate Worker App",
  "type": "WORKER",
  "protocol": "OPENID_CONNECT",
  "homePageUrl": "https://example.com/homePage",
  "loginPageUrl": "https://example.com/loginPage",
  "icon": {
    "id": "{{imageID}}",
    "href": "https://upload.image.org/image.jpg"
  },
  "tags": [
    "PING_FED_CONNECTION_INTEGRATION"
  ],
  "grantTypes": [
    "CLIENT_CREDENTIALS"
  ],
  "postLogoutRedirectUris": [
    "https://example.com/logout"
  ],
  "redirectUris": [
    "https://example.com"
  ],
  "tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC",
  "pkceEnforcement": "OPTIONAL",
  "refreshTokenDuration": 86400,
  "refreshTokenRollingDuration": 86400
})
headers = {
  'Content-Type': 'application/json',
  'Authorization': 'Bearer {{accessToken}}'
}

response = requests.request("POST", url, headers=headers, data=payload)

print(response.text)
<?php
require_once 'HTTP/Request2.php';
$request = new HTTP_Request2();
$request->setUrl('{{apiPath}}/environments/{{envID}}/applications');
$request->setMethod(HTTP_Request2::METHOD_POST);
$request->setConfig(array(
  'follow_redirects' => TRUE
));
$request->setHeader(array(
  'Content-Type' => 'application/json',
  'Authorization' => 'Bearer {{accessToken}}'
));
$request->setBody('{\n    "enabled": true,\n    "name": "PingFed WORKER-App2",\n    "description": "Test Description - PingFederate Worker App",\n    "type": "WORKER",\n    "protocol": "OPENID_CONNECT",\n    "homePageUrl": "https://example.com/homePage",\n    "loginPageUrl": "https://example.com/loginPage",\n    "icon": {\n        "id": "{{imageID}}",\n        "href": "https://upload.image.org/image.jpg"\n    },\n    "tags": [\n        "PING_FED_CONNECTION_INTEGRATION"\n    ],\n    "grantTypes": [\n        "CLIENT_CREDENTIALS"\n    ],\n    "postLogoutRedirectUris": [\n        "https://example.com/logout"\n    ],\n    "redirectUris": [\n        "https://example.com"\n    ],\n    "tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC",\n    "pkceEnforcement": "OPTIONAL",\n    "refreshTokenDuration": 86400,\n    "refreshTokenRollingDuration": 86400\n}');
try {
  $response = $request->send();
  if ($response->getStatus() == 200) {
    echo $response->getBody();
  }
  else {
    echo 'Unexpected HTTP status: ' . $response->getStatus() . ' ' .
    $response->getReasonPhrase();
  }
}
catch(HTTP_Request2_Exception $e) {
  echo 'Error: ' . $e->getMessage();
}
require "uri"
require "json"
require "net/http"

url = URI("{{apiPath}}/environments/{{envID}}/applications")

http = Net::HTTP.new(url.host, url.port);
request = Net::HTTP::Post.new(url)
request["Content-Type"] = "application/json"
request["Authorization"] = "Bearer {{accessToken}}"
request.body = JSON.dump({
  "enabled": true,
  "name": "PingFed WORKER-App2",
  "description": "Test Description - PingFederate Worker App",
  "type": "WORKER",
  "protocol": "OPENID_CONNECT",
  "homePageUrl": "https://example.com/homePage",
  "loginPageUrl": "https://example.com/loginPage",
  "icon": {
    "id": "{{imageID}}",
    "href": "https://upload.image.org/image.jpg"
  },
  "tags": [
    "PING_FED_CONNECTION_INTEGRATION"
  ],
  "grantTypes": [
    "CLIENT_CREDENTIALS"
  ],
  "postLogoutRedirectUris": [
    "https://example.com/logout"
  ],
  "redirectUris": [
    "https://example.com"
  ],
  "tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC",
  "pkceEnforcement": "OPTIONAL",
  "refreshTokenDuration": 86400,
  "refreshTokenRollingDuration": 86400
})

response = http.request(request)
puts response.read_body
let parameters = "{\n    \"enabled\": true,\n    \"name\": \"PingFed WORKER-App2\",\n    \"description\": \"Test Description - PingFederate Worker App\",\n    \"type\": \"WORKER\",\n    \"protocol\": \"OPENID_CONNECT\",\n    \"homePageUrl\": \"https://example.com/homePage\",\n    \"loginPageUrl\": \"https://example.com/loginPage\",\n    \"icon\": {\n        \"id\": \"{{imageID}}\",\n        \"href\": \"https://upload.image.org/image.jpg\"\n    },\n    \"tags\": [\n        \"PING_FED_CONNECTION_INTEGRATION\"\n    ],\n    \"grantTypes\": [\n        \"CLIENT_CREDENTIALS\"\n    ],\n    \"postLogoutRedirectUris\": [\n        \"https://example.com/logout\"\n    ],\n    \"redirectUris\": [\n        \"https://example.com\"\n    ],\n    \"tokenEndpointAuthMethod\": \"CLIENT_SECRET_BASIC\",\n    \"pkceEnforcement\": \"OPTIONAL\",\n    \"refreshTokenDuration\": 86400,\n    \"refreshTokenRollingDuration\": 86400\n}"
let postData = parameters.data(using: .utf8)

var request = URLRequest(url: URL(string: "{{apiPath}}/environments/{{envID}}/applications")!,timeoutInterval: Double.infinity)
request.addValue("application/json", forHTTPHeaderField: "Content-Type")
request.addValue("Bearer {{accessToken}}", forHTTPHeaderField: "Authorization")

request.httpMethod = "POST"
request.httpBody = postData

let task = URLSession.shared.dataTask(with: request) { data, response, error in
  guard let data = data else {
    print(String(describing: error))
    return
  }
  print(String(data: data, encoding: .utf8)!)
}

task.resume()

Example Response

201 Created

{
    "_links": {
        "self": {
            "href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/applications/ef2b9812-41a7-4d55-8fe0-242d99a90704"
        },
        "environment": {
            "href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6"
        },
        "attributes": {
            "href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/applications/ef2b9812-41a7-4d55-8fe0-242d99a90704/attributes"
        },
        "secret": {
            "href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/applications/ef2b9812-41a7-4d55-8fe0-242d99a90704/secret"
        },
        "grants": {
            "href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/applications/ef2b9812-41a7-4d55-8fe0-242d99a90704/grants"
        },
        "roleAssignments": {
            "href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/applications/ef2b9812-41a7-4d55-8fe0-242d99a90704/roleAssignments"
        }
    },
    "environment": {
        "id": "abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6"
    },
    "id": "ef2b9812-41a7-4d55-8fe0-242d99a90704",
    "name": "PingFed WORKER-App2",
    "description": "Test Description - PingFederate Worker App",
    "enabled": true,
    "type": "WORKER",
    "loginPageUrl": "https://example.com/loginPage",
    "homePageUrl": "https://example.com/homePage",
    "icon": {
        "id": "e8ad78dd-d45c-49b4-974d-8d5e443d4531",
        "href": "https://upload.image.org/image.jpg"
    },
    "protocol": "OPENID_CONNECT",
    "createdAt": "2020-11-02T19:59:21.760Z",
    "updatedAt": "2020-11-02T19:59:21.760Z",
    "assignActorRoles": false,
    "tags": [
        "PING_FED_CONNECTION_INTEGRATION"
    ],
    "grantTypes": [
        "CLIENT_CREDENTIALS"
    ],
    "refreshTokenDuration": 86400,
    "tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC",
    "pkceEnforcement": "OPTIONAL",
    "postLogoutRedirectUris": [
        "https://example.com/logout"
    ],
    "refreshTokenRollingDuration": 86400,
    "redirectUris": [
        "https://example.com"
    ]
}