PingOne Platform APIs

Create Application (OIDC Protocol - Single Page App)

   

POST {{apiPath}}/environments/{{envID}}/applications

The POST {{apiPath}}/environments/{{envID}}/applications operation adds a new application resource to the specified environment.

In addition to the required name attribute, the request body also specifies a value of true for the enabled attribute. If a value is not specified for the enabled attribute, it is set to false by default.

In PingOne, when defining a single-page application in the Admin Console, the application uses the following recommended OIDC settings as the default:

  • grantTypes is set to AUTHORIZATION_CODE.

  • responseTypes is set to CODE.

  • pkceEnforcement is set to S256_REQUIRED.

  • tokenEndpointAuthMethod is set to NONE.

Prerequisites

Request Model

Base application data model (single page application)

Refer to Applications base data model for complete descriptions.

Property Required? Type

assignActorRoles

Optional

Boolean

accessControl.role.type

Optional

String

accessControl.group.type

Optional

String

accessControl.group.groups

Optional

Array

accessControl.group.groups.id

Optional

UUID

description

Optional

String

enabled

Required

Boolean

homePageUrl

Optional

URL

loginPageUrl

Optional

URL

icon.id

Optional

UUID

icon.href

Optional

URL

name

Required

String

protocol

Required

String

tags

Optional

Array

type

Required

String

Additional OIDC settings

Refer to Applications OIDC settings data model for complete descriptions.

If you set the protocol attribute to OPENID_CONNECT, you must provide values for the required OIDC settings. Optional settings can be omitted.

Property Required? Type

additionalRefreshTokenReplayProtectionEnabled

Optional

Boolean

grantTypes

Optional

String

pkceEnforcement

Optional

String

postLogoutRedirectUris

Required

URL

redirectUris

Required

URL

refreshTokenDuration

Optional

Integer

refreshTokenRollingDuration

Optional

Integer

requireSignedRequestObject

Optional

Boolean

responseTypes

Required

String

signing

Optional

Object

signing.keyRotationPolicy

Required

Object

signing.keyRotationPolicy.id

Required

String

supportUnsignedRequestObject

Optional

Boolean

tokenEndpointAuthMethod

Required

String

Headers

Authorization      Bearer {{accessToken}}

Content-Type      application/json

Body

raw ( application/json )

{
    "enabled": true,
    "name": "OIDC-SPA-App",
    "description": "Test Description - OIDC App (Single Page App)",
    "type": "SINGLE_PAGE_APP",
    "protocol": "OPENID_CONNECT",
    "homePageUrl": "https://example.com/homePage",
    "loginPageUrl": "https://example.com/loginPage",
    "icon": {
        "id": "{{imageID}}",
        "href": "https://upload.image.org/image.jpg"
    },
    "grantTypes": [
        "AUTHORIZATION_CODE"
    ],
    "postLogoutRedirectUris": [
        "https://example.com/logout"
    ],
    "redirectUris": [
        "https://example.com"
    ],
    "responseTypes": [
        "CODE"
    ],
    "tokenEndpointAuthMethod": "NONE",
    "pkceEnforcement": "S256_REQUIRED",
    "refreshTokenDuration": 86400,
    "refreshTokenRollingDuration": 86400
}

Example Request

  • cURL

  • C#

  • Go

  • HTTP

  • Java

  • jQuery

  • NodeJS

  • Python

  • PHP

  • Ruby

  • Swift

curl --location --globoff '{{apiPath}}/environments/{{envID}}/applications' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer {{accessToken}}' \
--data '{
    "enabled": true,
    "name": "OIDC-SPA-App",
    "description": "Test Description - OIDC App (Single Page App)",
    "type": "SINGLE_PAGE_APP",
    "protocol": "OPENID_CONNECT",
    "homePageUrl": "https://example.com/homePage",
    "loginPageUrl": "https://example.com/loginPage",
    "icon": {
        "id": "{{imageID}}",
        "href": "https://upload.image.org/image.jpg"
    },
    "grantTypes": [
        "AUTHORIZATION_CODE"
    ],
    "postLogoutRedirectUris": [
        "https://example.com/logout"
    ],
    "redirectUris": [
        "https://example.com"
    ],
    "responseTypes": [
        "CODE"
    ],
    "tokenEndpointAuthMethod": "NONE",
    "pkceEnforcement": "S256_REQUIRED",
    "refreshTokenDuration": 86400,
    "refreshTokenRollingDuration": 86400
}'
var options = new RestClientOptions("{{apiPath}}/environments/{{envID}}/applications")
{
  MaxTimeout = -1,
};
var client = new RestClient(options);
var request = new RestRequest("", Method.Post);
request.AddHeader("Content-Type", "application/json");
request.AddHeader("Authorization", "Bearer {{accessToken}}");
var body = @"{" + "\n" +
@"    ""enabled"": true," + "\n" +
@"    ""name"": ""OIDC-SPA-App""," + "\n" +
@"    ""description"": ""Test Description - OIDC App (Single Page App)""," + "\n" +
@"    ""type"": ""SINGLE_PAGE_APP""," + "\n" +
@"    ""protocol"": ""OPENID_CONNECT""," + "\n" +
@"    ""homePageUrl"": ""https://example.com/homePage""," + "\n" +
@"    ""loginPageUrl"": ""https://example.com/loginPage""," + "\n" +
@"    ""icon"": {" + "\n" +
@"        ""id"": ""{{imageID}}""," + "\n" +
@"        ""href"": ""https://upload.image.org/image.jpg""" + "\n" +
@"    }," + "\n" +
@"    ""grantTypes"": [" + "\n" +
@"        ""AUTHORIZATION_CODE""" + "\n" +
@"    ]," + "\n" +
@"    ""postLogoutRedirectUris"": [" + "\n" +
@"        ""https://example.com/logout""" + "\n" +
@"    ]," + "\n" +
@"    ""redirectUris"": [" + "\n" +
@"        ""https://example.com""" + "\n" +
@"    ]," + "\n" +
@"    ""responseTypes"": [" + "\n" +
@"        ""CODE""" + "\n" +
@"    ]," + "\n" +
@"    ""tokenEndpointAuthMethod"": ""NONE""," + "\n" +
@"    ""pkceEnforcement"": ""S256_REQUIRED""," + "\n" +
@"    ""refreshTokenDuration"": 86400," + "\n" +
@"    ""refreshTokenRollingDuration"": 86400" + "\n" +
@"}";
request.AddStringBody(body, DataFormat.Json);
RestResponse response = await client.ExecuteAsync(request);
Console.WriteLine(response.Content);
package main

import (
  "fmt"
  "strings"
  "net/http"
  "io"
)

func main() {

  url := "{{apiPath}}/environments/{{envID}}/applications"
  method := "POST"

  payload := strings.NewReader(`{
    "enabled": true,
    "name": "OIDC-SPA-App",
    "description": "Test Description - OIDC App (Single Page App)",
    "type": "SINGLE_PAGE_APP",
    "protocol": "OPENID_CONNECT",
    "homePageUrl": "https://example.com/homePage",
    "loginPageUrl": "https://example.com/loginPage",
    "icon": {
        "id": "{{imageID}}",
        "href": "https://upload.image.org/image.jpg"
    },
    "grantTypes": [
        "AUTHORIZATION_CODE"
    ],
    "postLogoutRedirectUris": [
        "https://example.com/logout"
    ],
    "redirectUris": [
        "https://example.com"
    ],
    "responseTypes": [
        "CODE"
    ],
    "tokenEndpointAuthMethod": "NONE",
    "pkceEnforcement": "S256_REQUIRED",
    "refreshTokenDuration": 86400,
    "refreshTokenRollingDuration": 86400
}`)

  client := &http.Client {
  }
  req, err := http.NewRequest(method, url, payload)

  if err != nil {
    fmt.Println(err)
    return
  }
  req.Header.Add("Content-Type", "application/json")
  req.Header.Add("Authorization", "Bearer {{accessToken}}")

  res, err := client.Do(req)
  if err != nil {
    fmt.Println(err)
    return
  }
  defer res.Body.Close()

  body, err := io.ReadAll(res.Body)
  if err != nil {
    fmt.Println(err)
    return
  }
  fmt.Println(string(body))
}
POST /environments/{{envID}}/applications HTTP/1.1
Host: {{apiPath}}
Content-Type: application/json
Authorization: Bearer {{accessToken}}

{
    "enabled": true,
    "name": "OIDC-SPA-App",
    "description": "Test Description - OIDC App (Single Page App)",
    "type": "SINGLE_PAGE_APP",
    "protocol": "OPENID_CONNECT",
    "homePageUrl": "https://example.com/homePage",
    "loginPageUrl": "https://example.com/loginPage",
    "icon": {
        "id": "{{imageID}}",
        "href": "https://upload.image.org/image.jpg"
    },
    "grantTypes": [
        "AUTHORIZATION_CODE"
    ],
    "postLogoutRedirectUris": [
        "https://example.com/logout"
    ],
    "redirectUris": [
        "https://example.com"
    ],
    "responseTypes": [
        "CODE"
    ],
    "tokenEndpointAuthMethod": "NONE",
    "pkceEnforcement": "S256_REQUIRED",
    "refreshTokenDuration": 86400,
    "refreshTokenRollingDuration": 86400
}
OkHttpClient client = new OkHttpClient().newBuilder()
  .build();
MediaType mediaType = MediaType.parse("application/json");
RequestBody body = RequestBody.create(mediaType, "{\n    \"enabled\": true,\n    \"name\": \"OIDC-SPA-App\",\n    \"description\": \"Test Description - OIDC App (Single Page App)\",\n    \"type\": \"SINGLE_PAGE_APP\",\n    \"protocol\": \"OPENID_CONNECT\",\n    \"homePageUrl\": \"https://example.com/homePage\",\n    \"loginPageUrl\": \"https://example.com/loginPage\",\n    \"icon\": {\n        \"id\": \"{{imageID}}\",\n        \"href\": \"https://upload.image.org/image.jpg\"\n    },\n    \"grantTypes\": [\n        \"AUTHORIZATION_CODE\"\n    ],\n    \"postLogoutRedirectUris\": [\n        \"https://example.com/logout\"\n    ],\n    \"redirectUris\": [\n        \"https://example.com\"\n    ],\n    \"responseTypes\": [\n        \"CODE\"\n    ],\n    \"tokenEndpointAuthMethod\": \"NONE\",\n    \"pkceEnforcement\": \"S256_REQUIRED\",\n    \"refreshTokenDuration\": 86400,\n    \"refreshTokenRollingDuration\": 86400\n}");
Request request = new Request.Builder()
  .url("{{apiPath}}/environments/{{envID}}/applications")
  .method("POST", body)
  .addHeader("Content-Type", "application/json")
  .addHeader("Authorization", "Bearer {{accessToken}}")
  .build();
Response response = client.newCall(request).execute();
var settings = {
  "url": "{{apiPath}}/environments/{{envID}}/applications",
  "method": "POST",
  "timeout": 0,
  "headers": {
    "Content-Type": "application/json",
    "Authorization": "Bearer {{accessToken}}"
  },
  "data": JSON.stringify({
    "enabled": true,
    "name": "OIDC-SPA-App",
    "description": "Test Description - OIDC App (Single Page App)",
    "type": "SINGLE_PAGE_APP",
    "protocol": "OPENID_CONNECT",
    "homePageUrl": "https://example.com/homePage",
    "loginPageUrl": "https://example.com/loginPage",
    "icon": {
      "id": "{{imageID}}",
      "href": "https://upload.image.org/image.jpg"
    },
    "grantTypes": [
      "AUTHORIZATION_CODE"
    ],
    "postLogoutRedirectUris": [
      "https://example.com/logout"
    ],
    "redirectUris": [
      "https://example.com"
    ],
    "responseTypes": [
      "CODE"
    ],
    "tokenEndpointAuthMethod": "NONE",
    "pkceEnforcement": "S256_REQUIRED",
    "refreshTokenDuration": 86400,
    "refreshTokenRollingDuration": 86400
  }),
};

$.ajax(settings).done(function (response) {
  console.log(response);
});
var request = require('request');
var options = {
  'method': 'POST',
  'url': '{{apiPath}}/environments/{{envID}}/applications',
  'headers': {
    'Content-Type': 'application/json',
    'Authorization': 'Bearer {{accessToken}}'
  },
  body: JSON.stringify({
    "enabled": true,
    "name": "OIDC-SPA-App",
    "description": "Test Description - OIDC App (Single Page App)",
    "type": "SINGLE_PAGE_APP",
    "protocol": "OPENID_CONNECT",
    "homePageUrl": "https://example.com/homePage",
    "loginPageUrl": "https://example.com/loginPage",
    "icon": {
      "id": "{{imageID}}",
      "href": "https://upload.image.org/image.jpg"
    },
    "grantTypes": [
      "AUTHORIZATION_CODE"
    ],
    "postLogoutRedirectUris": [
      "https://example.com/logout"
    ],
    "redirectUris": [
      "https://example.com"
    ],
    "responseTypes": [
      "CODE"
    ],
    "tokenEndpointAuthMethod": "NONE",
    "pkceEnforcement": "S256_REQUIRED",
    "refreshTokenDuration": 86400,
    "refreshTokenRollingDuration": 86400
  })

};
request(options, function (error, response) {
  if (error) throw new Error(error);
  console.log(response.body);
});
import requests
import json

url = "{{apiPath}}/environments/{{envID}}/applications"

payload = json.dumps({
  "enabled": True,
  "name": "OIDC-SPA-App",
  "description": "Test Description - OIDC App (Single Page App)",
  "type": "SINGLE_PAGE_APP",
  "protocol": "OPENID_CONNECT",
  "homePageUrl": "https://example.com/homePage",
  "loginPageUrl": "https://example.com/loginPage",
  "icon": {
    "id": "{{imageID}}",
    "href": "https://upload.image.org/image.jpg"
  },
  "grantTypes": [
    "AUTHORIZATION_CODE"
  ],
  "postLogoutRedirectUris": [
    "https://example.com/logout"
  ],
  "redirectUris": [
    "https://example.com"
  ],
  "responseTypes": [
    "CODE"
  ],
  "tokenEndpointAuthMethod": "NONE",
  "pkceEnforcement": "S256_REQUIRED",
  "refreshTokenDuration": 86400,
  "refreshTokenRollingDuration": 86400
})
headers = {
  'Content-Type': 'application/json',
  'Authorization': 'Bearer {{accessToken}}'
}

response = requests.request("POST", url, headers=headers, data=payload)

print(response.text)
<?php
require_once 'HTTP/Request2.php';
$request = new HTTP_Request2();
$request->setUrl('{{apiPath}}/environments/{{envID}}/applications');
$request->setMethod(HTTP_Request2::METHOD_POST);
$request->setConfig(array(
  'follow_redirects' => TRUE
));
$request->setHeader(array(
  'Content-Type' => 'application/json',
  'Authorization' => 'Bearer {{accessToken}}'
));
$request->setBody('{\n    "enabled": true,\n    "name": "OIDC-SPA-App",\n    "description": "Test Description - OIDC App (Single Page App)",\n    "type": "SINGLE_PAGE_APP",\n    "protocol": "OPENID_CONNECT",\n    "homePageUrl": "https://example.com/homePage",\n    "loginPageUrl": "https://example.com/loginPage",\n    "icon": {\n        "id": "{{imageID}}",\n        "href": "https://upload.image.org/image.jpg"\n    },\n    "grantTypes": [\n        "AUTHORIZATION_CODE"\n    ],\n    "postLogoutRedirectUris": [\n        "https://example.com/logout"\n    ],\n    "redirectUris": [\n        "https://example.com"\n    ],\n    "responseTypes": [\n        "CODE"\n    ],\n    "tokenEndpointAuthMethod": "NONE",\n    "pkceEnforcement": "S256_REQUIRED",\n    "refreshTokenDuration": 86400,\n    "refreshTokenRollingDuration": 86400\n}');
try {
  $response = $request->send();
  if ($response->getStatus() == 200) {
    echo $response->getBody();
  }
  else {
    echo 'Unexpected HTTP status: ' . $response->getStatus() . ' ' .
    $response->getReasonPhrase();
  }
}
catch(HTTP_Request2_Exception $e) {
  echo 'Error: ' . $e->getMessage();
}
require "uri"
require "json"
require "net/http"

url = URI("{{apiPath}}/environments/{{envID}}/applications")

http = Net::HTTP.new(url.host, url.port);
request = Net::HTTP::Post.new(url)
request["Content-Type"] = "application/json"
request["Authorization"] = "Bearer {{accessToken}}"
request.body = JSON.dump({
  "enabled": true,
  "name": "OIDC-SPA-App",
  "description": "Test Description - OIDC App (Single Page App)",
  "type": "SINGLE_PAGE_APP",
  "protocol": "OPENID_CONNECT",
  "homePageUrl": "https://example.com/homePage",
  "loginPageUrl": "https://example.com/loginPage",
  "icon": {
    "id": "{{imageID}}",
    "href": "https://upload.image.org/image.jpg"
  },
  "grantTypes": [
    "AUTHORIZATION_CODE"
  ],
  "postLogoutRedirectUris": [
    "https://example.com/logout"
  ],
  "redirectUris": [
    "https://example.com"
  ],
  "responseTypes": [
    "CODE"
  ],
  "tokenEndpointAuthMethod": "NONE",
  "pkceEnforcement": "S256_REQUIRED",
  "refreshTokenDuration": 86400,
  "refreshTokenRollingDuration": 86400
})

response = http.request(request)
puts response.read_body
let parameters = "{\n    \"enabled\": true,\n    \"name\": \"OIDC-SPA-App\",\n    \"description\": \"Test Description - OIDC App (Single Page App)\",\n    \"type\": \"SINGLE_PAGE_APP\",\n    \"protocol\": \"OPENID_CONNECT\",\n    \"homePageUrl\": \"https://example.com/homePage\",\n    \"loginPageUrl\": \"https://example.com/loginPage\",\n    \"icon\": {\n        \"id\": \"{{imageID}}\",\n        \"href\": \"https://upload.image.org/image.jpg\"\n    },\n    \"grantTypes\": [\n        \"AUTHORIZATION_CODE\"\n    ],\n    \"postLogoutRedirectUris\": [\n        \"https://example.com/logout\"\n    ],\n    \"redirectUris\": [\n        \"https://example.com\"\n    ],\n    \"responseTypes\": [\n        \"CODE\"\n    ],\n    \"tokenEndpointAuthMethod\": \"NONE\",\n    \"pkceEnforcement\": \"S256_REQUIRED\",\n    \"refreshTokenDuration\": 86400,\n    \"refreshTokenRollingDuration\": 86400\n}"
let postData = parameters.data(using: .utf8)

var request = URLRequest(url: URL(string: "{{apiPath}}/environments/{{envID}}/applications")!,timeoutInterval: Double.infinity)
request.addValue("application/json", forHTTPHeaderField: "Content-Type")
request.addValue("Bearer {{accessToken}}", forHTTPHeaderField: "Authorization")

request.httpMethod = "POST"
request.httpBody = postData

let task = URLSession.shared.dataTask(with: request) { data, response, error in
  guard let data = data else {
    print(String(describing: error))
    return
  }
  print(String(data: data, encoding: .utf8)!)
}

task.resume()

Example Response

201 Created

{
    "_links": {
        "self": {
            "href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/applications/627e747a-6096-4dde-a4e5-f14885c9cf78"
        },
        "environment": {
            "href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6"
        },
        "attributes": {
            "href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/applications/627e747a-6096-4dde-a4e5-f14885c9cf78/attributes"
        },
        "secret": {
            "href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/applications/627e747a-6096-4dde-a4e5-f14885c9cf78/secret"
        },
        "grants": {
            "href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/applications/627e747a-6096-4dde-a4e5-f14885c9cf78/grants"
        },
        "keyRotationPolicy": {
            "href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/keyRotationPolicies/38c6ccb0-bfd9-4e6b-ace7-4651c52a3c2c"
        }
    },
    "environment": {
        "id": "abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6"
    },
    "id": "627e747a-6096-4dde-a4e5-f14885c9cf78",
    "name": "OIDC-SPA-App",
    "description": "Test Description - OIDC App (Single Page App)",
    "enabled": true,
    "hiddenFromAppPortal": false,
    "type": "SINGLE_PAGE_APP",
    "loginPageUrl": "https://example.com/loginPage",
    "homePageUrl": "https://example.com/homePage",
    "icon": {
        "id": "e8ad78dd-d45c-49b4-974d-8d5e443d4531",
        "href": "https://upload.image.org/image.jpg"
    },
    "protocol": "OPENID_CONNECT",
    "createdAt": "2024-07-19T22:14:16.894Z",
    "updatedAt": "2024-07-19T22:14:16.894Z",
    "assignActorRoles": false,
    "responseTypes": [
        "CODE"
    ],
    "pkceEnforcement": "S256_REQUIRED",
    "redirectUris": [
        "https://example.com"
    ],
    "deviceTimeout": 600,
    "grantTypes": [
        "AUTHORIZATION_CODE"
    ],
    "refreshTokenDuration": 86400,
    "additionalRefreshTokenReplayProtectionEnabled": true,
    "tokenEndpointAuthMethod": "NONE",
    "postLogoutRedirectUris": [
        "https://example.com/logout"
    ],
    "refreshTokenRollingDuration": 86400,
    "parRequirement": "OPTIONAL",
    "devicePollingInterval": 5,
    "parTimeout": 60,
    "signing": {
        "keyRotationPolicy": {
            "id": "38c6ccb0-bfd9-4e6b-ace7-4651c52a3c2c"
        }
    }
}