--- title: Create Application (OIDC Protocol - Single Page App) description: The POST {{apiPath}}/v1/environments/{{envID}}/applications operation adds a new application resource to the specified environment. component: pingone-api page_id: pingone-api:platform:applications/applications-1/create-application-oidc-protocol---single-page-app canonical_url: https://developer.pingidentity.com/pingone-api/platform/applications/applications-1/create-application-oidc-protocol---single-page-app.html section_ids: prerequisites: Prerequisites headers: Headers body: Body example-request: Example Request example-response: Example Response --- # Create Application (OIDC Protocol - Single Page App) ## ```none POST {{apiPath}}/v1/environments/{{envID}}/applications ``` The `POST {{apiPath}}/v1/environments/{{envID}}/applications` operation adds a new application resource to the specified environment. In addition to the required `name` attribute, the request body also specifies a value of `true` for the `enabled` attribute. If a value is not specified for the `enabled` attribute, it is set to `false` by default. | | | | - | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | In PingOne, when defining a single-page application in the Admin Console, the application uses the following recommended OIDC settings as the default:- `grantTypes` is set to `AUTHORIZATION_CODE`. - `responseTypes` is set to `CODE`. - `pkceEnforcement` is set to `S256_REQUIRED`. - `tokenEndpointAuthMethod` is set to `NONE`. | ### Prerequisites * Refer to [Application Operations](../applications-1.html) for important overview information. > **Collapse: Request Model** > > **Base application data model (single page application)** > > Refer to [Applications base data model](../applications-1.html#applications-base-data-model) for complete descriptions. > > | Property | Required? | Type | > | ------------------------------- | --------- | ------- | > | `assignActorRoles` | Optional | Boolean | > | `accessControl.role.type` | Optional | String | > | `accessControl.group.type` | Optional | String | > | `accessControl.group.groups` | Optional | Array | > | `accessControl.group.groups.id` | Optional | UUID | > | `description` | Optional | String | > | `enabled` | Required | Boolean | > | `homePageUrl` | Optional | URL | > | `loginPageUrl` | Optional | URL | > | `icon.id` | Optional | UUID | > | `icon.href` | Optional | URL | > | `name` | Required | String | > | `protocol` | Required | String | > | `tags` | Optional | Array | > | `type` | Required | String | > > **Additional OIDC settings** > > Refer to [Applications OIDC settings data model](../applications-1.html#applications-oidc-settings-data-model) for complete descriptions. > > If you set the `protocol` attribute to `OPENID_CONNECT`, you must provide values for the required OIDC settings. Optional settings can be omitted. > > | Property | Required? | Type | > | ----------------------------------------------- | --------- | ------- | > | `additionalRefreshTokenReplayProtectionEnabled` | Optional | Boolean | > | `grantTypes` | Optional | String | > | `pkceEnforcement` | Optional | String | > | `postLogoutRedirectUris` | Required | URL | > | `redirectUris` | Required | URL | > | `refreshTokenDuration` | Optional | Integer | > | `refreshTokenRollingDuration` | Optional | Integer | > | `requireSignedRequestObject` | Optional | Boolean | > | `responseTypes` | Required | String | > | `signing` | Optional | Object | > | `signing.keyRotationPolicy` | Required | Object | > | `signing.keyRotationPolicy.id` | Required | String | > | `supportUnsignedRequestObject` | Optional | Boolean | > | `tokenEndpointAuthMethod` | Required | String | ### Headers Authorization      Bearer {{accessToken}} Content-Type      application/json ### Body raw ( application/json ) ```json { "enabled": true, "name": "OIDC-SPA-App", "description": "Test Description - OIDC App (Single Page App)", "type": "SINGLE_PAGE_APP", "protocol": "OPENID_CONNECT", "homePageUrl": "https://example.com/homePage", "loginPageUrl": "https://example.com/loginPage", "icon": { "id": "{{imageID}}", "href": "https://upload.image.org/image.jpg" }, "grantTypes": [ "AUTHORIZATION_CODE" ], "postLogoutRedirectUris": [ "https://example.com/logout" ], "redirectUris": [ "https://example.com" ], "responseTypes": [ "CODE" ], "tokenEndpointAuthMethod": "NONE", "pkceEnforcement": "S256_REQUIRED", "refreshTokenDuration": 86400, "refreshTokenRollingDuration": 86400 } ``` ## ### Example Request * cURL * C# * Go * HTTP * Java * jQuery * NodeJS * Python * PHP * Ruby * Swift ```shell curl --location --globoff '{{apiPath}}/v1/environments/{{envID}}/applications' \ --header 'Content-Type: application/json' \ --header 'Authorization: Bearer {{accessToken}}' \ --data '{ "enabled": true, "name": "OIDC-SPA-App", "description": "Test Description - OIDC App (Single Page App)", "type": "SINGLE_PAGE_APP", "protocol": "OPENID_CONNECT", "homePageUrl": "https://example.com/homePage", "loginPageUrl": "https://example.com/loginPage", "icon": { "id": "{{imageID}}", "href": "https://upload.image.org/image.jpg" }, "grantTypes": [ "AUTHORIZATION_CODE" ], "postLogoutRedirectUris": [ "https://example.com/logout" ], "redirectUris": [ "https://example.com" ], "responseTypes": [ "CODE" ], "tokenEndpointAuthMethod": "NONE", "pkceEnforcement": "S256_REQUIRED", "refreshTokenDuration": 86400, "refreshTokenRollingDuration": 86400 }' ``` ```csharp var options = new RestClientOptions("{{apiPath}}/v1/environments/{{envID}}/applications") { MaxTimeout = -1, }; var client = new RestClient(options); var request = new RestRequest("", Method.Post); request.AddHeader("Content-Type", "application/json"); request.AddHeader("Authorization", "Bearer {{accessToken}}"); var body = @"{" + "\n" + @" ""enabled"": true," + "\n" + @" ""name"": ""OIDC-SPA-App""," + "\n" + @" ""description"": ""Test Description - OIDC App (Single Page App)""," + "\n" + @" ""type"": ""SINGLE_PAGE_APP""," + "\n" + @" ""protocol"": ""OPENID_CONNECT""," + "\n" + @" ""homePageUrl"": ""https://example.com/homePage""," + "\n" + @" ""loginPageUrl"": ""https://example.com/loginPage""," + "\n" + @" ""icon"": {" + "\n" + @" ""id"": ""{{imageID}}""," + "\n" + @" ""href"": ""https://upload.image.org/image.jpg""" + "\n" + @" }," + "\n" + @" ""grantTypes"": [" + "\n" + @" ""AUTHORIZATION_CODE""" + "\n" + @" ]," + "\n" + @" ""postLogoutRedirectUris"": [" + "\n" + @" ""https://example.com/logout""" + "\n" + @" ]," + "\n" + @" ""redirectUris"": [" + "\n" + @" ""https://example.com""" + "\n" + @" ]," + "\n" + @" ""responseTypes"": [" + "\n" + @" ""CODE""" + "\n" + @" ]," + "\n" + @" ""tokenEndpointAuthMethod"": ""NONE""," + "\n" + @" ""pkceEnforcement"": ""S256_REQUIRED""," + "\n" + @" ""refreshTokenDuration"": 86400," + "\n" + @" ""refreshTokenRollingDuration"": 86400" + "\n" + @"}"; request.AddStringBody(body, DataFormat.Json); RestResponse response = await client.ExecuteAsync(request); Console.WriteLine(response.Content); ``` ```golang package main import ( "fmt" "strings" "net/http" "io" ) func main() { url := "{{apiPath}}/v1/environments/{{envID}}/applications" method := "POST" payload := strings.NewReader(`{ "enabled": true, "name": "OIDC-SPA-App", "description": "Test Description - OIDC App (Single Page App)", "type": "SINGLE_PAGE_APP", "protocol": "OPENID_CONNECT", "homePageUrl": "https://example.com/homePage", "loginPageUrl": "https://example.com/loginPage", "icon": { "id": "{{imageID}}", "href": "https://upload.image.org/image.jpg" }, "grantTypes": [ "AUTHORIZATION_CODE" ], "postLogoutRedirectUris": [ "https://example.com/logout" ], "redirectUris": [ "https://example.com" ], "responseTypes": [ "CODE" ], "tokenEndpointAuthMethod": "NONE", "pkceEnforcement": "S256_REQUIRED", "refreshTokenDuration": 86400, "refreshTokenRollingDuration": 86400 }`) client := &http.Client { } req, err := http.NewRequest(method, url, payload) if err != nil { fmt.Println(err) return } req.Header.Add("Content-Type", "application/json") req.Header.Add("Authorization", "Bearer {{accessToken}}") res, err := client.Do(req) if err != nil { fmt.Println(err) return } defer res.Body.Close() body, err := io.ReadAll(res.Body) if err != nil { fmt.Println(err) return } fmt.Println(string(body)) } ``` ```http POST /v1/environments/{{envID}}/applications HTTP/1.1 Host: {{apiPath}} Content-Type: application/json Authorization: Bearer {{accessToken}} { "enabled": true, "name": "OIDC-SPA-App", "description": "Test Description - OIDC App (Single Page App)", "type": "SINGLE_PAGE_APP", "protocol": "OPENID_CONNECT", "homePageUrl": "https://example.com/homePage", "loginPageUrl": "https://example.com/loginPage", "icon": { "id": "{{imageID}}", "href": "https://upload.image.org/image.jpg" }, "grantTypes": [ "AUTHORIZATION_CODE" ], "postLogoutRedirectUris": [ "https://example.com/logout" ], "redirectUris": [ "https://example.com" ], "responseTypes": [ "CODE" ], "tokenEndpointAuthMethod": "NONE", "pkceEnforcement": "S256_REQUIRED", "refreshTokenDuration": 86400, "refreshTokenRollingDuration": 86400 } ``` ```java OkHttpClient client = new OkHttpClient().newBuilder() .build(); MediaType mediaType = MediaType.parse("application/json"); RequestBody body = RequestBody.create(mediaType, "{\n \"enabled\": true,\n \"name\": \"OIDC-SPA-App\",\n \"description\": \"Test Description - OIDC App (Single Page App)\",\n \"type\": \"SINGLE_PAGE_APP\",\n \"protocol\": \"OPENID_CONNECT\",\n \"homePageUrl\": \"https://example.com/homePage\",\n \"loginPageUrl\": \"https://example.com/loginPage\",\n \"icon\": {\n \"id\": \"{{imageID}}\",\n \"href\": \"https://upload.image.org/image.jpg\"\n },\n \"grantTypes\": [\n \"AUTHORIZATION_CODE\"\n ],\n \"postLogoutRedirectUris\": [\n \"https://example.com/logout\"\n ],\n \"redirectUris\": [\n \"https://example.com\"\n ],\n \"responseTypes\": [\n \"CODE\"\n ],\n \"tokenEndpointAuthMethod\": \"NONE\",\n \"pkceEnforcement\": \"S256_REQUIRED\",\n \"refreshTokenDuration\": 86400,\n \"refreshTokenRollingDuration\": 86400\n}"); Request request = new Request.Builder() .url("{{apiPath}}/v1/environments/{{envID}}/applications") .method("POST", body) .addHeader("Content-Type", "application/json") .addHeader("Authorization", "Bearer {{accessToken}}") .build(); Response response = client.newCall(request).execute(); ``` ```javascript var settings = { "url": "{{apiPath}}/v1/environments/{{envID}}/applications", "method": "POST", "timeout": 0, "headers": { "Content-Type": "application/json", "Authorization": "Bearer {{accessToken}}" }, "data": JSON.stringify({ "enabled": true, "name": "OIDC-SPA-App", "description": "Test Description - OIDC App (Single Page App)", "type": "SINGLE_PAGE_APP", "protocol": "OPENID_CONNECT", "homePageUrl": "https://example.com/homePage", "loginPageUrl": "https://example.com/loginPage", "icon": { "id": "{{imageID}}", "href": "https://upload.image.org/image.jpg" }, "grantTypes": [ "AUTHORIZATION_CODE" ], "postLogoutRedirectUris": [ "https://example.com/logout" ], "redirectUris": [ "https://example.com" ], "responseTypes": [ "CODE" ], "tokenEndpointAuthMethod": "NONE", "pkceEnforcement": "S256_REQUIRED", "refreshTokenDuration": 86400, "refreshTokenRollingDuration": 86400 }), }; $.ajax(settings).done(function (response) { console.log(response); }); ``` ```javascript var request = require('request'); var options = { 'method': 'POST', 'url': '{{apiPath}}/v1/environments/{{envID}}/applications', 'headers': { 'Content-Type': 'application/json', 'Authorization': 'Bearer {{accessToken}}' }, body: JSON.stringify({ "enabled": true, "name": "OIDC-SPA-App", "description": "Test Description - OIDC App (Single Page App)", "type": "SINGLE_PAGE_APP", "protocol": "OPENID_CONNECT", "homePageUrl": "https://example.com/homePage", "loginPageUrl": "https://example.com/loginPage", "icon": { "id": "{{imageID}}", "href": "https://upload.image.org/image.jpg" }, "grantTypes": [ "AUTHORIZATION_CODE" ], "postLogoutRedirectUris": [ "https://example.com/logout" ], "redirectUris": [ "https://example.com" ], "responseTypes": [ "CODE" ], "tokenEndpointAuthMethod": "NONE", "pkceEnforcement": "S256_REQUIRED", "refreshTokenDuration": 86400, "refreshTokenRollingDuration": 86400 }) }; request(options, function (error, response) { if (error) throw new Error(error); console.log(response.body); }); ``` ```python import requests import json url = "{{apiPath}}/v1/environments/{{envID}}/applications" payload = json.dumps({ "enabled": True, "name": "OIDC-SPA-App", "description": "Test Description - OIDC App (Single Page App)", "type": "SINGLE_PAGE_APP", "protocol": "OPENID_CONNECT", "homePageUrl": "https://example.com/homePage", "loginPageUrl": "https://example.com/loginPage", "icon": { "id": "{{imageID}}", "href": "https://upload.image.org/image.jpg" }, "grantTypes": [ "AUTHORIZATION_CODE" ], "postLogoutRedirectUris": [ "https://example.com/logout" ], "redirectUris": [ "https://example.com" ], "responseTypes": [ "CODE" ], "tokenEndpointAuthMethod": "NONE", "pkceEnforcement": "S256_REQUIRED", "refreshTokenDuration": 86400, "refreshTokenRollingDuration": 86400 }) headers = { 'Content-Type': 'application/json', 'Authorization': 'Bearer {{accessToken}}' } response = requests.request("POST", url, headers=headers, data=payload) print(response.text) ``` ```php setUrl('{{apiPath}}/v1/environments/{{envID}}/applications'); $request->setMethod(HTTP_Request2::METHOD_POST); $request->setConfig(array( 'follow_redirects' => TRUE )); $request->setHeader(array( 'Content-Type' => 'application/json', 'Authorization' => 'Bearer {{accessToken}}' )); $request->setBody('{\n "enabled": true,\n "name": "OIDC-SPA-App",\n "description": "Test Description - OIDC App (Single Page App)",\n "type": "SINGLE_PAGE_APP",\n "protocol": "OPENID_CONNECT",\n "homePageUrl": "https://example.com/homePage",\n "loginPageUrl": "https://example.com/loginPage",\n "icon": {\n "id": "{{imageID}}",\n "href": "https://upload.image.org/image.jpg"\n },\n "grantTypes": [\n "AUTHORIZATION_CODE"\n ],\n "postLogoutRedirectUris": [\n "https://example.com/logout"\n ],\n "redirectUris": [\n "https://example.com"\n ],\n "responseTypes": [\n "CODE"\n ],\n "tokenEndpointAuthMethod": "NONE",\n "pkceEnforcement": "S256_REQUIRED",\n "refreshTokenDuration": 86400,\n "refreshTokenRollingDuration": 86400\n}'); try { $response = $request->send(); if ($response->getStatus() == 200) { echo $response->getBody(); } else { echo 'Unexpected HTTP status: ' . $response->getStatus() . ' ' . $response->getReasonPhrase(); } } catch(HTTP_Request2_Exception $e) { echo 'Error: ' . $e->getMessage(); } ``` ```ruby require "uri" require "json" require "net/http" url = URI("{{apiPath}}/v1/environments/{{envID}}/applications") http = Net::HTTP.new(url.host, url.port); request = Net::HTTP::Post.new(url) request["Content-Type"] = "application/json" request["Authorization"] = "Bearer {{accessToken}}" request.body = JSON.dump({ "enabled": true, "name": "OIDC-SPA-App", "description": "Test Description - OIDC App (Single Page App)", "type": "SINGLE_PAGE_APP", "protocol": "OPENID_CONNECT", "homePageUrl": "https://example.com/homePage", "loginPageUrl": "https://example.com/loginPage", "icon": { "id": "{{imageID}}", "href": "https://upload.image.org/image.jpg" }, "grantTypes": [ "AUTHORIZATION_CODE" ], "postLogoutRedirectUris": [ "https://example.com/logout" ], "redirectUris": [ "https://example.com" ], "responseTypes": [ "CODE" ], "tokenEndpointAuthMethod": "NONE", "pkceEnforcement": "S256_REQUIRED", "refreshTokenDuration": 86400, "refreshTokenRollingDuration": 86400 }) response = http.request(request) puts response.read_body ``` ```swift let parameters = "{\n \"enabled\": true,\n \"name\": \"OIDC-SPA-App\",\n \"description\": \"Test Description - OIDC App (Single Page App)\",\n \"type\": \"SINGLE_PAGE_APP\",\n \"protocol\": \"OPENID_CONNECT\",\n \"homePageUrl\": \"https://example.com/homePage\",\n \"loginPageUrl\": \"https://example.com/loginPage\",\n \"icon\": {\n \"id\": \"{{imageID}}\",\n \"href\": \"https://upload.image.org/image.jpg\"\n },\n \"grantTypes\": [\n \"AUTHORIZATION_CODE\"\n ],\n \"postLogoutRedirectUris\": [\n \"https://example.com/logout\"\n ],\n \"redirectUris\": [\n \"https://example.com\"\n ],\n \"responseTypes\": [\n \"CODE\"\n ],\n \"tokenEndpointAuthMethod\": \"NONE\",\n \"pkceEnforcement\": \"S256_REQUIRED\",\n \"refreshTokenDuration\": 86400,\n \"refreshTokenRollingDuration\": 86400\n}" let postData = parameters.data(using: .utf8) var request = URLRequest(url: URL(string: "{{apiPath}}/v1/environments/{{envID}}/applications")!,timeoutInterval: Double.infinity) request.addValue("application/json", forHTTPHeaderField: "Content-Type") request.addValue("Bearer {{accessToken}}", forHTTPHeaderField: "Authorization") request.httpMethod = "POST" request.httpBody = postData let task = URLSession.shared.dataTask(with: request) { data, response, error in guard let data = data else { print(String(describing: error)) return } print(String(data: data, encoding: .utf8)!) } task.resume() ``` ### Example Response 201 Created ```json { "_links": { "self": { "href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/applications/627e747a-6096-4dde-a4e5-f14885c9cf78" }, "environment": { "href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6" }, "attributes": { "href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/applications/627e747a-6096-4dde-a4e5-f14885c9cf78/attributes" }, "secret": { "href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/applications/627e747a-6096-4dde-a4e5-f14885c9cf78/secret" }, "grants": { "href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/applications/627e747a-6096-4dde-a4e5-f14885c9cf78/grants" }, "keyRotationPolicy": { "href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/keyRotationPolicies/38c6ccb0-bfd9-4e6b-ace7-4651c52a3c2c" } }, "environment": { "id": "abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6" }, "id": "627e747a-6096-4dde-a4e5-f14885c9cf78", "name": "OIDC-SPA-App", "description": "Test Description - OIDC App (Single Page App)", "enabled": true, "hiddenFromAppPortal": false, "type": "SINGLE_PAGE_APP", "loginPageUrl": "https://example.com/loginPage", "homePageUrl": "https://example.com/homePage", "icon": { "id": "e8ad78dd-d45c-49b4-974d-8d5e443d4531", "href": "https://upload.image.org/image.jpg" }, "protocol": "OPENID_CONNECT", "createdAt": "2024-07-19T22:14:16.894Z", "updatedAt": "2024-07-19T22:14:16.894Z", "assignActorRoles": false, "responseTypes": [ "CODE" ], "pkceEnforcement": "S256_REQUIRED", "redirectUris": [ "https://example.com" ], "deviceTimeout": 600, "grantTypes": [ "AUTHORIZATION_CODE" ], "refreshTokenDuration": 86400, "additionalRefreshTokenReplayProtectionEnabled": true, "tokenEndpointAuthMethod": "NONE", "postLogoutRedirectUris": [ "https://example.com/logout" ], "refreshTokenRollingDuration": 86400, "parRequirement": "OPTIONAL", "devicePollingInterval": 5, "parTimeout": 60, "signing": { "keyRotationPolicy": { "id": "38c6ccb0-bfd9-4e6b-ace7-4651c52a3c2c" } } } ```