--- title: Create Application (OIDC Protocol - PingFederate Worker App) description: The POST {{apiPath}}/v1/environments/{{envID}}/applications operation adds a new PingFederate worker application resource to the specified environment. PingOne MFA can integrate with third party identity providers, including PingFederate. The PingFederate connection in PingOne MFA is actually a worker application connection that specifies the tags property with the property value set to PING_FED_CONNECTION_INTEGRATION. component: pingone-api page_id: pingone-api:platform:applications/applications-1/create-application-oidc-protocol---pingfederate-worker-app canonical_url: https://developer.pingidentity.com/pingone-api/platform/applications/applications-1/create-application-oidc-protocol---pingfederate-worker-app.html section_ids: prerequisites: Prerequisites headers: Headers body: Body example-request: Example Request example-response: Example Response --- # Create Application (OIDC Protocol - PingFederate Worker App) ## ```none POST {{apiPath}}/v1/environments/{{envID}}/applications ``` The `POST {{apiPath}}/v1/environments/{{envID}}/applications` operation adds a new PingFederate worker application resource to the specified environment. PingOne MFA can integrate with third party identity providers, including PingFederate. The PingFederate connection in PingOne MFA is actually a worker application connection that specifies the `tags` property with the property value set to `PING_FED_CONNECTION_INTEGRATION`. The request body can specify a value of "true" for the `enabled` attribute. If a value is not specified for the `enabled` attribute, it is set to `false` by default. ### Prerequisites * Refer to [Application Operations](../applications-1.html) for important overview information. > **Collapse: Query parameters** > > | Parameter | Description | > | --------- | ---------------------------------------------------------------------------------------------- | > | `expand` | Shows additional information in the `_embedded` resource list. Optional value is `attributes`. | > **Collapse: Request Model** > > **Base application data model (worker application)** > > Refer to [Applications base data model](../applications-1.html#applications-base-data-model) for complete descriptions. > > | Property | Required? | Type | > | ------------------------------- | --------- | ------- | > | `assignActorRoles` | Optional | Boolean | > | `accessControl.role.type` | Optional | String | > | `accessControl.group.type` | Optional | String | > | `accessControl.group.groups` | Optional | Array | > | `accessControl.group.groups.id` | Optional | UUID | > | `description` | Optional | String | > | `enabled` | Required | Boolean | > | `homePageUrl` | Optional | URL | > | `loginPageUrl` | Optional | URL | > | `icon.id` | Optional | UUID | > | `icon.href` | Optional | URL | > | `name` | Required | String | > | `protocol` | Required | String | > | `tags` | Optional | Array | > | `type` | Required | String | > > **Additional OIDC settings** > > Refer to [Applications OIDC settings data model](../applications-1.html#applications-oidc-settings-data-model) for complete descriptions. > > If you set the `protocol` attribute to `OPENID_CONNECT`, you must provide values for the required OIDC settings. Optional settings can be omitted. > > | Property | Required? | Type | > | ----------------------------------------------- | --------- | -------- | > | `additionalRefreshTokenReplayProtectionEnabled` | Optional | Boolean | > | `grantTypes` | Optional | String | > | `jwks` | String | Optional | > | `jwksUrl` | String | Optional | > | `pkceEnforcement` | Optional | String | > | `postLogoutRedirectUris` | Required | URL | > | `redirectUris` | Required | URL | > | `refreshTokenDuration` | Optional | Integer | > | `refreshTokenRollingDuration` | Optional | Integer | > | `requireSignedRequestObject` | Optional | Boolean | > | `responseTypes` | Required | String | > | `signing` | Optional | Object | > | `signing.keyRotationPolicy` | Required | Object | > | `signing.keyRotationPolicy.id` | Required | String | > | `supportUnsignedRequestObject` | Optional | Boolean | > | `tokenEndpointAuthMethod` | Required | String | ### Headers Authorization      Bearer {{accessToken}} Content-Type      application/json ### Body raw ( application/json ) ```json { "enabled": true, "name": "PingFed WORKER-App2", "description": "Test Description - PingFederate Worker App", "type": "WORKER", "protocol": "OPENID_CONNECT", "homePageUrl": "https://example.com/homePage", "loginPageUrl": "https://example.com/loginPage", "icon": { "id": "{{imageID}}", "href": "https://upload.image.org/image.jpg" }, "tags": [ "PING_FED_CONNECTION_INTEGRATION" ], "grantTypes": [ "CLIENT_CREDENTIALS" ], "postLogoutRedirectUris": [ "https://example.com/logout" ], "redirectUris": [ "https://example.com" ], "tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC", "pkceEnforcement": "OPTIONAL", "refreshTokenDuration": 86400, "refreshTokenRollingDuration": 86400 } ``` ## ### Example Request * cURL * C# * Go * HTTP * Java * jQuery * NodeJS * Python * PHP * Ruby * Swift ```shell curl --location --globoff '{{apiPath}}/v1/environments/{{envID}}/applications' \ --header 'Content-Type: application/json' \ --header 'Authorization: Bearer {{accessToken}}' \ --data '{ "enabled": true, "name": "PingFed WORKER-App2", "description": "Test Description - PingFederate Worker App", "type": "WORKER", "protocol": "OPENID_CONNECT", "homePageUrl": "https://example.com/homePage", "loginPageUrl": "https://example.com/loginPage", "icon": { "id": "{{imageID}}", "href": "https://upload.image.org/image.jpg" }, "tags": [ "PING_FED_CONNECTION_INTEGRATION" ], "grantTypes": [ "CLIENT_CREDENTIALS" ], "postLogoutRedirectUris": [ "https://example.com/logout" ], "redirectUris": [ "https://example.com" ], "tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC", "pkceEnforcement": "OPTIONAL", "refreshTokenDuration": 86400, "refreshTokenRollingDuration": 86400 }' ``` ```csharp var options = new RestClientOptions("{{apiPath}}/v1/environments/{{envID}}/applications") { MaxTimeout = -1, }; var client = new RestClient(options); var request = new RestRequest("", Method.Post); request.AddHeader("Content-Type", "application/json"); request.AddHeader("Authorization", "Bearer {{accessToken}}"); var body = @"{" + "\n" + @" ""enabled"": true," + "\n" + @" ""name"": ""PingFed WORKER-App2""," + "\n" + @" ""description"": ""Test Description - PingFederate Worker App""," + "\n" + @" ""type"": ""WORKER""," + "\n" + @" ""protocol"": ""OPENID_CONNECT""," + "\n" + @" ""homePageUrl"": ""https://example.com/homePage""," + "\n" + @" ""loginPageUrl"": ""https://example.com/loginPage""," + "\n" + @" ""icon"": {" + "\n" + @" ""id"": ""{{imageID}}""," + "\n" + @" ""href"": ""https://upload.image.org/image.jpg""" + "\n" + @" }," + "\n" + @" ""tags"": [" + "\n" + @" ""PING_FED_CONNECTION_INTEGRATION""" + "\n" + @" ]," + "\n" + @" ""grantTypes"": [" + "\n" + @" ""CLIENT_CREDENTIALS""" + "\n" + @" ]," + "\n" + @" ""postLogoutRedirectUris"": [" + "\n" + @" ""https://example.com/logout""" + "\n" + @" ]," + "\n" + @" ""redirectUris"": [" + "\n" + @" ""https://example.com""" + "\n" + @" ]," + "\n" + @" ""tokenEndpointAuthMethod"": ""CLIENT_SECRET_BASIC""," + "\n" + @" ""pkceEnforcement"": ""OPTIONAL""," + "\n" + @" ""refreshTokenDuration"": 86400," + "\n" + @" ""refreshTokenRollingDuration"": 86400" + "\n" + @"}"; request.AddStringBody(body, DataFormat.Json); RestResponse response = await client.ExecuteAsync(request); Console.WriteLine(response.Content); ``` ```golang package main import ( "fmt" "strings" "net/http" "io" ) func main() { url := "{{apiPath}}/v1/environments/{{envID}}/applications" method := "POST" payload := strings.NewReader(`{ "enabled": true, "name": "PingFed WORKER-App2", "description": "Test Description - PingFederate Worker App", "type": "WORKER", "protocol": "OPENID_CONNECT", "homePageUrl": "https://example.com/homePage", "loginPageUrl": "https://example.com/loginPage", "icon": { "id": "{{imageID}}", "href": "https://upload.image.org/image.jpg" }, "tags": [ "PING_FED_CONNECTION_INTEGRATION" ], "grantTypes": [ "CLIENT_CREDENTIALS" ], "postLogoutRedirectUris": [ "https://example.com/logout" ], "redirectUris": [ "https://example.com" ], "tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC", "pkceEnforcement": "OPTIONAL", "refreshTokenDuration": 86400, "refreshTokenRollingDuration": 86400 }`) client := &http.Client { } req, err := http.NewRequest(method, url, payload) if err != nil { fmt.Println(err) return } req.Header.Add("Content-Type", "application/json") req.Header.Add("Authorization", "Bearer {{accessToken}}") res, err := client.Do(req) if err != nil { fmt.Println(err) return } defer res.Body.Close() body, err := io.ReadAll(res.Body) if err != nil { fmt.Println(err) return } fmt.Println(string(body)) } ``` ```http POST /v1/environments/{{envID}}/applications HTTP/1.1 Host: {{apiPath}} Content-Type: application/json Authorization: Bearer {{accessToken}} { "enabled": true, "name": "PingFed WORKER-App2", "description": "Test Description - PingFederate Worker App", "type": "WORKER", "protocol": "OPENID_CONNECT", "homePageUrl": "https://example.com/homePage", "loginPageUrl": "https://example.com/loginPage", "icon": { "id": "{{imageID}}", "href": "https://upload.image.org/image.jpg" }, "tags": [ "PING_FED_CONNECTION_INTEGRATION" ], "grantTypes": [ "CLIENT_CREDENTIALS" ], "postLogoutRedirectUris": [ "https://example.com/logout" ], "redirectUris": [ "https://example.com" ], "tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC", "pkceEnforcement": "OPTIONAL", "refreshTokenDuration": 86400, "refreshTokenRollingDuration": 86400 } ``` ```java OkHttpClient client = new OkHttpClient().newBuilder() .build(); MediaType mediaType = MediaType.parse("application/json"); RequestBody body = RequestBody.create(mediaType, "{\n \"enabled\": true,\n \"name\": \"PingFed WORKER-App2\",\n \"description\": \"Test Description - PingFederate Worker App\",\n \"type\": \"WORKER\",\n \"protocol\": \"OPENID_CONNECT\",\n \"homePageUrl\": \"https://example.com/homePage\",\n \"loginPageUrl\": \"https://example.com/loginPage\",\n \"icon\": {\n \"id\": \"{{imageID}}\",\n \"href\": \"https://upload.image.org/image.jpg\"\n },\n \"tags\": [\n \"PING_FED_CONNECTION_INTEGRATION\"\n ],\n \"grantTypes\": [\n \"CLIENT_CREDENTIALS\"\n ],\n \"postLogoutRedirectUris\": [\n \"https://example.com/logout\"\n ],\n \"redirectUris\": [\n \"https://example.com\"\n ],\n \"tokenEndpointAuthMethod\": \"CLIENT_SECRET_BASIC\",\n \"pkceEnforcement\": \"OPTIONAL\",\n \"refreshTokenDuration\": 86400,\n \"refreshTokenRollingDuration\": 86400\n}"); Request request = new Request.Builder() .url("{{apiPath}}/v1/environments/{{envID}}/applications") .method("POST", body) .addHeader("Content-Type", "application/json") .addHeader("Authorization", "Bearer {{accessToken}}") .build(); Response response = client.newCall(request).execute(); ``` ```javascript var settings = { "url": "{{apiPath}}/v1/environments/{{envID}}/applications", "method": "POST", "timeout": 0, "headers": { "Content-Type": "application/json", "Authorization": "Bearer {{accessToken}}" }, "data": JSON.stringify({ "enabled": true, "name": "PingFed WORKER-App2", "description": "Test Description - PingFederate Worker App", "type": "WORKER", "protocol": "OPENID_CONNECT", "homePageUrl": "https://example.com/homePage", "loginPageUrl": "https://example.com/loginPage", "icon": { "id": "{{imageID}}", "href": "https://upload.image.org/image.jpg" }, "tags": [ "PING_FED_CONNECTION_INTEGRATION" ], "grantTypes": [ "CLIENT_CREDENTIALS" ], "postLogoutRedirectUris": [ "https://example.com/logout" ], "redirectUris": [ "https://example.com" ], "tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC", "pkceEnforcement": "OPTIONAL", "refreshTokenDuration": 86400, "refreshTokenRollingDuration": 86400 }), }; $.ajax(settings).done(function (response) { console.log(response); }); ``` ```javascript var request = require('request'); var options = { 'method': 'POST', 'url': '{{apiPath}}/v1/environments/{{envID}}/applications', 'headers': { 'Content-Type': 'application/json', 'Authorization': 'Bearer {{accessToken}}' }, body: JSON.stringify({ "enabled": true, "name": "PingFed WORKER-App2", "description": "Test Description - PingFederate Worker App", "type": "WORKER", "protocol": "OPENID_CONNECT", "homePageUrl": "https://example.com/homePage", "loginPageUrl": "https://example.com/loginPage", "icon": { "id": "{{imageID}}", "href": "https://upload.image.org/image.jpg" }, "tags": [ "PING_FED_CONNECTION_INTEGRATION" ], "grantTypes": [ "CLIENT_CREDENTIALS" ], "postLogoutRedirectUris": [ "https://example.com/logout" ], "redirectUris": [ "https://example.com" ], "tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC", "pkceEnforcement": "OPTIONAL", "refreshTokenDuration": 86400, "refreshTokenRollingDuration": 86400 }) }; request(options, function (error, response) { if (error) throw new Error(error); console.log(response.body); }); ``` ```python import requests import json url = "{{apiPath}}/v1/environments/{{envID}}/applications" payload = json.dumps({ "enabled": True, "name": "PingFed WORKER-App2", "description": "Test Description - PingFederate Worker App", "type": "WORKER", "protocol": "OPENID_CONNECT", "homePageUrl": "https://example.com/homePage", "loginPageUrl": "https://example.com/loginPage", "icon": { "id": "{{imageID}}", "href": "https://upload.image.org/image.jpg" }, "tags": [ "PING_FED_CONNECTION_INTEGRATION" ], "grantTypes": [ "CLIENT_CREDENTIALS" ], "postLogoutRedirectUris": [ "https://example.com/logout" ], "redirectUris": [ "https://example.com" ], "tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC", "pkceEnforcement": "OPTIONAL", "refreshTokenDuration": 86400, "refreshTokenRollingDuration": 86400 }) headers = { 'Content-Type': 'application/json', 'Authorization': 'Bearer {{accessToken}}' } response = requests.request("POST", url, headers=headers, data=payload) print(response.text) ``` ```php setUrl('{{apiPath}}/v1/environments/{{envID}}/applications'); $request->setMethod(HTTP_Request2::METHOD_POST); $request->setConfig(array( 'follow_redirects' => TRUE )); $request->setHeader(array( 'Content-Type' => 'application/json', 'Authorization' => 'Bearer {{accessToken}}' )); $request->setBody('{\n "enabled": true,\n "name": "PingFed WORKER-App2",\n "description": "Test Description - PingFederate Worker App",\n "type": "WORKER",\n "protocol": "OPENID_CONNECT",\n "homePageUrl": "https://example.com/homePage",\n "loginPageUrl": "https://example.com/loginPage",\n "icon": {\n "id": "{{imageID}}",\n "href": "https://upload.image.org/image.jpg"\n },\n "tags": [\n "PING_FED_CONNECTION_INTEGRATION"\n ],\n "grantTypes": [\n "CLIENT_CREDENTIALS"\n ],\n "postLogoutRedirectUris": [\n "https://example.com/logout"\n ],\n "redirectUris": [\n "https://example.com"\n ],\n "tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC",\n "pkceEnforcement": "OPTIONAL",\n "refreshTokenDuration": 86400,\n "refreshTokenRollingDuration": 86400\n}'); try { $response = $request->send(); if ($response->getStatus() == 200) { echo $response->getBody(); } else { echo 'Unexpected HTTP status: ' . $response->getStatus() . ' ' . $response->getReasonPhrase(); } } catch(HTTP_Request2_Exception $e) { echo 'Error: ' . $e->getMessage(); } ``` ```ruby require "uri" require "json" require "net/http" url = URI("{{apiPath}}/v1/environments/{{envID}}/applications") http = Net::HTTP.new(url.host, url.port); request = Net::HTTP::Post.new(url) request["Content-Type"] = "application/json" request["Authorization"] = "Bearer {{accessToken}}" request.body = JSON.dump({ "enabled": true, "name": "PingFed WORKER-App2", "description": "Test Description - PingFederate Worker App", "type": "WORKER", "protocol": "OPENID_CONNECT", "homePageUrl": "https://example.com/homePage", "loginPageUrl": "https://example.com/loginPage", "icon": { "id": "{{imageID}}", "href": "https://upload.image.org/image.jpg" }, "tags": [ "PING_FED_CONNECTION_INTEGRATION" ], "grantTypes": [ "CLIENT_CREDENTIALS" ], "postLogoutRedirectUris": [ "https://example.com/logout" ], "redirectUris": [ "https://example.com" ], "tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC", "pkceEnforcement": "OPTIONAL", "refreshTokenDuration": 86400, "refreshTokenRollingDuration": 86400 }) response = http.request(request) puts response.read_body ``` ```swift let parameters = "{\n \"enabled\": true,\n \"name\": \"PingFed WORKER-App2\",\n \"description\": \"Test Description - PingFederate Worker App\",\n \"type\": \"WORKER\",\n \"protocol\": \"OPENID_CONNECT\",\n \"homePageUrl\": \"https://example.com/homePage\",\n \"loginPageUrl\": \"https://example.com/loginPage\",\n \"icon\": {\n \"id\": \"{{imageID}}\",\n \"href\": \"https://upload.image.org/image.jpg\"\n },\n \"tags\": [\n \"PING_FED_CONNECTION_INTEGRATION\"\n ],\n \"grantTypes\": [\n \"CLIENT_CREDENTIALS\"\n ],\n \"postLogoutRedirectUris\": [\n \"https://example.com/logout\"\n ],\n \"redirectUris\": [\n \"https://example.com\"\n ],\n \"tokenEndpointAuthMethod\": \"CLIENT_SECRET_BASIC\",\n \"pkceEnforcement\": \"OPTIONAL\",\n \"refreshTokenDuration\": 86400,\n \"refreshTokenRollingDuration\": 86400\n}" let postData = parameters.data(using: .utf8) var request = URLRequest(url: URL(string: "{{apiPath}}/v1/environments/{{envID}}/applications")!,timeoutInterval: Double.infinity) request.addValue("application/json", forHTTPHeaderField: "Content-Type") request.addValue("Bearer {{accessToken}}", forHTTPHeaderField: "Authorization") request.httpMethod = "POST" request.httpBody = postData let task = URLSession.shared.dataTask(with: request) { data, response, error in guard let data = data else { print(String(describing: error)) return } print(String(data: data, encoding: .utf8)!) } task.resume() ``` ### Example Response 201 Created ```json { "_links": { "self": { "href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/applications/ef2b9812-41a7-4d55-8fe0-242d99a90704" }, "environment": { "href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6" }, "attributes": { "href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/applications/ef2b9812-41a7-4d55-8fe0-242d99a90704/attributes" }, "secret": { "href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/applications/ef2b9812-41a7-4d55-8fe0-242d99a90704/secret" }, "grants": { "href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/applications/ef2b9812-41a7-4d55-8fe0-242d99a90704/grants" }, "roleAssignments": { "href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/applications/ef2b9812-41a7-4d55-8fe0-242d99a90704/roleAssignments" } }, "environment": { "id": "abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6" }, "id": "ef2b9812-41a7-4d55-8fe0-242d99a90704", "name": "PingFed WORKER-App2", "description": "Test Description - PingFederate Worker App", "enabled": true, "type": "WORKER", "loginPageUrl": "https://example.com/loginPage", "homePageUrl": "https://example.com/homePage", "icon": { "id": "e8ad78dd-d45c-49b4-974d-8d5e443d4531", "href": "https://upload.image.org/image.jpg" }, "protocol": "OPENID_CONNECT", "createdAt": "2020-11-02T19:59:21.760Z", "updatedAt": "2020-11-02T19:59:21.760Z", "assignActorRoles": false, "tags": [ "PING_FED_CONNECTION_INTEGRATION" ], "grantTypes": [ "CLIENT_CREDENTIALS" ], "refreshTokenDuration": 86400, "tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC", "pkceEnforcement": "OPTIONAL", "postLogoutRedirectUris": [ "https://example.com/logout" ], "refreshTokenRollingDuration": 86400, "redirectUris": [ "https://example.com" ] } ```