Create Application (OIDC Protocol - Worker Interactive App)
POST {{apiPath}}/environments/{{envID}}/applicationsWorker applications are administrator applications that interact with PingOne platform APIs. The POST {{apiPath}}/environments/{{envID}}/applications operation adds a new application resource to the specified environment. The WORKER type is intended for admin applications that use the administrator roles to provide access to PingOne resources. For more information about roles, refer to Roles.
|
This example shows the configuration for an interactive administrator application. For a configuration example of a non-interactive worker application, refer to Create Application (OIDC Protocol - Worker App). Worker applications that use a user-based grant type such as |
Prerequisites
-
Refer to Application Operations for important overview information.
Query parameters
| Parameter | Description |
|---|---|
|
Shows additional information in the |
Request Model
Base application data model (worker application)
Refer to Applications base data model for complete descriptions.
| Property | Required? | Type |
|---|---|---|
|
Optional |
Boolean |
|
Optional |
String |
|
Optional |
String |
|
Optional |
Array |
|
Optional |
UUID |
|
Optional |
String |
|
Required |
Boolean |
|
Optional |
URL |
|
Optional |
URL |
|
Optional |
UUID |
|
Optional |
URL |
|
Required |
String |
|
Required |
String |
|
Optional |
Array |
|
Required |
String |
Additional OIDC settings
Refer to Applications OIDC settings data model for complete descriptions.
If you set the protocol attribute to OPENID_CONNECT, you must provide values for the required OIDC settings. Optional settings can be omitted.
| Property | Required? | Type |
|---|---|---|
|
Optional |
Boolean |
|
Optional |
String |
|
String |
Optional |
|
String |
Optional |
|
Optional |
String |
|
Optional |
String |
|
Required |
URL |
|
Required |
URL |
|
Optional |
Integer |
|
Optional |
Integer |
|
Optional |
Boolean |
|
Required |
String |
|
Optional |
Object |
|
Required |
Object |
|
Required |
String |
|
Optional |
Boolean |
|
Required |
String |
Body
raw ( application/json )
{
"enabled": true,
"name": "WORKER-App7",
"description": "Test Description - Worker App",
"type": "WORKER",
"protocol": "OPENID_CONNECT",
"homePageUrl": "https://example.com/homePage",
"loginPageUrl": "https://example.com/loginPage",
"icon": {
"id": "{{imageID}}",
"href": "https://upload.image.org/image.jpg"
},
"grantTypes": [
"CLIENT_CREDENTIALS",
"AUTHORIZATION_CODE",
"IMPLICIT"
],
"postLogoutRedirectUris": [
"https://example.com/logout"
],
"redirectUris": [
"https://example.com"
],
"responseTypes": [
"CODE",
"TOKEN",
"ID_TOKEN"
],
"tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC",
"pkceEnforcement": "REQUIRED",
"refreshTokenDuration": 86400,
"refreshTokenRollingDuration": 86400
}Example Request
-
cURL
-
C#
-
Go
-
HTTP
-
Java
-
jQuery
-
NodeJS
-
Python
-
PHP
-
Ruby
-
Swift
curl --location --globoff '{{apiPath}}/environments/{{envID}}/applications' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer {{accessToken}}' \
--data '{
"enabled": true,
"name": "WORKER-App7",
"description": "Test Description - Worker App",
"type": "WORKER",
"protocol": "OPENID_CONNECT",
"homePageUrl": "https://example.com/homePage",
"loginPageUrl": "https://example.com/loginPage",
"icon": {
"id": "{{imageID}}",
"href": "https://upload.image.org/image.jpg"
},
"grantTypes": [
"CLIENT_CREDENTIALS",
"AUTHORIZATION_CODE",
"IMPLICIT"
],
"postLogoutRedirectUris": [
"https://example.com/logout"
],
"redirectUris": [
"https://example.com"
],
"responseTypes": [
"CODE",
"TOKEN",
"ID_TOKEN"
],
"tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC",
"pkceEnforcement": "REQUIRED",
"refreshTokenDuration": 86400,
"refreshTokenRollingDuration": 86400
}'var options = new RestClientOptions("{{apiPath}}/environments/{{envID}}/applications")
{
MaxTimeout = -1,
};
var client = new RestClient(options);
var request = new RestRequest("", Method.Post);
request.AddHeader("Content-Type", "application/json");
request.AddHeader("Authorization", "Bearer {{accessToken}}");
var body = @"{" + "\n" +
@" ""enabled"": true," + "\n" +
@" ""name"": ""WORKER-App7""," + "\n" +
@" ""description"": ""Test Description - Worker App""," + "\n" +
@" ""type"": ""WORKER""," + "\n" +
@" ""protocol"": ""OPENID_CONNECT""," + "\n" +
@" ""homePageUrl"": ""https://example.com/homePage""," + "\n" +
@" ""loginPageUrl"": ""https://example.com/loginPage""," + "\n" +
@" ""icon"": {" + "\n" +
@" ""id"": ""{{imageID}}""," + "\n" +
@" ""href"": ""https://upload.image.org/image.jpg""" + "\n" +
@" }," + "\n" +
@" ""grantTypes"": [" + "\n" +
@" ""CLIENT_CREDENTIALS""," + "\n" +
@" ""AUTHORIZATION_CODE""," + "\n" +
@" ""IMPLICIT""" + "\n" +
@" ]," + "\n" +
@" ""postLogoutRedirectUris"": [" + "\n" +
@" ""https://example.com/logout""" + "\n" +
@" ]," + "\n" +
@" ""redirectUris"": [" + "\n" +
@" ""https://example.com""" + "\n" +
@" ]," + "\n" +
@" ""responseTypes"": [" + "\n" +
@" ""CODE""," + "\n" +
@" ""TOKEN""," + "\n" +
@" ""ID_TOKEN""" + "\n" +
@" ]," + "\n" +
@" ""tokenEndpointAuthMethod"": ""CLIENT_SECRET_BASIC""," + "\n" +
@" ""pkceEnforcement"": ""REQUIRED""," + "\n" +
@" ""refreshTokenDuration"": 86400," + "\n" +
@" ""refreshTokenRollingDuration"": 86400" + "\n" +
@"}";
request.AddStringBody(body, DataFormat.Json);
RestResponse response = await client.ExecuteAsync(request);
Console.WriteLine(response.Content);package main
import (
"fmt"
"strings"
"net/http"
"io"
)
func main() {
url := "{{apiPath}}/environments/{{envID}}/applications"
method := "POST"
payload := strings.NewReader(`{
"enabled": true,
"name": "WORKER-App7",
"description": "Test Description - Worker App",
"type": "WORKER",
"protocol": "OPENID_CONNECT",
"homePageUrl": "https://example.com/homePage",
"loginPageUrl": "https://example.com/loginPage",
"icon": {
"id": "{{imageID}}",
"href": "https://upload.image.org/image.jpg"
},
"grantTypes": [
"CLIENT_CREDENTIALS",
"AUTHORIZATION_CODE",
"IMPLICIT"
],
"postLogoutRedirectUris": [
"https://example.com/logout"
],
"redirectUris": [
"https://example.com"
],
"responseTypes": [
"CODE",
"TOKEN",
"ID_TOKEN"
],
"tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC",
"pkceEnforcement": "REQUIRED",
"refreshTokenDuration": 86400,
"refreshTokenRollingDuration": 86400
}`)
client := &http.Client {
}
req, err := http.NewRequest(method, url, payload)
if err != nil {
fmt.Println(err)
return
}
req.Header.Add("Content-Type", "application/json")
req.Header.Add("Authorization", "Bearer {{accessToken}}")
res, err := client.Do(req)
if err != nil {
fmt.Println(err)
return
}
defer res.Body.Close()
body, err := io.ReadAll(res.Body)
if err != nil {
fmt.Println(err)
return
}
fmt.Println(string(body))
}POST /environments/{{envID}}/applications HTTP/1.1
Host: {{apiPath}}
Content-Type: application/json
Authorization: Bearer {{accessToken}}
{
"enabled": true,
"name": "WORKER-App7",
"description": "Test Description - Worker App",
"type": "WORKER",
"protocol": "OPENID_CONNECT",
"homePageUrl": "https://example.com/homePage",
"loginPageUrl": "https://example.com/loginPage",
"icon": {
"id": "{{imageID}}",
"href": "https://upload.image.org/image.jpg"
},
"grantTypes": [
"CLIENT_CREDENTIALS",
"AUTHORIZATION_CODE",
"IMPLICIT"
],
"postLogoutRedirectUris": [
"https://example.com/logout"
],
"redirectUris": [
"https://example.com"
],
"responseTypes": [
"CODE",
"TOKEN",
"ID_TOKEN"
],
"tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC",
"pkceEnforcement": "REQUIRED",
"refreshTokenDuration": 86400,
"refreshTokenRollingDuration": 86400
}OkHttpClient client = new OkHttpClient().newBuilder()
.build();
MediaType mediaType = MediaType.parse("application/json");
RequestBody body = RequestBody.create(mediaType, "{\n \"enabled\": true,\n \"name\": \"WORKER-App7\",\n \"description\": \"Test Description - Worker App\",\n \"type\": \"WORKER\",\n \"protocol\": \"OPENID_CONNECT\",\n \"homePageUrl\": \"https://example.com/homePage\",\n \"loginPageUrl\": \"https://example.com/loginPage\",\n \"icon\": {\n \"id\": \"{{imageID}}\",\n \"href\": \"https://upload.image.org/image.jpg\"\n },\n \"grantTypes\": [\n \"CLIENT_CREDENTIALS\",\n \"AUTHORIZATION_CODE\",\n \"IMPLICIT\"\n ],\n \"postLogoutRedirectUris\": [\n \"https://example.com/logout\"\n ],\n \"redirectUris\": [\n \"https://example.com\"\n ],\n \"responseTypes\": [\n \"CODE\",\n \"TOKEN\",\n \"ID_TOKEN\"\n ],\n \"tokenEndpointAuthMethod\": \"CLIENT_SECRET_BASIC\",\n \"pkceEnforcement\": \"REQUIRED\",\n \"refreshTokenDuration\": 86400,\n \"refreshTokenRollingDuration\": 86400\n}");
Request request = new Request.Builder()
.url("{{apiPath}}/environments/{{envID}}/applications")
.method("POST", body)
.addHeader("Content-Type", "application/json")
.addHeader("Authorization", "Bearer {{accessToken}}")
.build();
Response response = client.newCall(request).execute();var settings = {
"url": "{{apiPath}}/environments/{{envID}}/applications",
"method": "POST",
"timeout": 0,
"headers": {
"Content-Type": "application/json",
"Authorization": "Bearer {{accessToken}}"
},
"data": JSON.stringify({
"enabled": true,
"name": "WORKER-App7",
"description": "Test Description - Worker App",
"type": "WORKER",
"protocol": "OPENID_CONNECT",
"homePageUrl": "https://example.com/homePage",
"loginPageUrl": "https://example.com/loginPage",
"icon": {
"id": "{{imageID}}",
"href": "https://upload.image.org/image.jpg"
},
"grantTypes": [
"CLIENT_CREDENTIALS",
"AUTHORIZATION_CODE",
"IMPLICIT"
],
"postLogoutRedirectUris": [
"https://example.com/logout"
],
"redirectUris": [
"https://example.com"
],
"responseTypes": [
"CODE",
"TOKEN",
"ID_TOKEN"
],
"tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC",
"pkceEnforcement": "REQUIRED",
"refreshTokenDuration": 86400,
"refreshTokenRollingDuration": 86400
}),
};
$.ajax(settings).done(function (response) {
console.log(response);
});var request = require('request');
var options = {
'method': 'POST',
'url': '{{apiPath}}/environments/{{envID}}/applications',
'headers': {
'Content-Type': 'application/json',
'Authorization': 'Bearer {{accessToken}}'
},
body: JSON.stringify({
"enabled": true,
"name": "WORKER-App7",
"description": "Test Description - Worker App",
"type": "WORKER",
"protocol": "OPENID_CONNECT",
"homePageUrl": "https://example.com/homePage",
"loginPageUrl": "https://example.com/loginPage",
"icon": {
"id": "{{imageID}}",
"href": "https://upload.image.org/image.jpg"
},
"grantTypes": [
"CLIENT_CREDENTIALS",
"AUTHORIZATION_CODE",
"IMPLICIT"
],
"postLogoutRedirectUris": [
"https://example.com/logout"
],
"redirectUris": [
"https://example.com"
],
"responseTypes": [
"CODE",
"TOKEN",
"ID_TOKEN"
],
"tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC",
"pkceEnforcement": "REQUIRED",
"refreshTokenDuration": 86400,
"refreshTokenRollingDuration": 86400
})
};
request(options, function (error, response) {
if (error) throw new Error(error);
console.log(response.body);
});import requests
import json
url = "{{apiPath}}/environments/{{envID}}/applications"
payload = json.dumps({
"enabled": True,
"name": "WORKER-App7",
"description": "Test Description - Worker App",
"type": "WORKER",
"protocol": "OPENID_CONNECT",
"homePageUrl": "https://example.com/homePage",
"loginPageUrl": "https://example.com/loginPage",
"icon": {
"id": "{{imageID}}",
"href": "https://upload.image.org/image.jpg"
},
"grantTypes": [
"CLIENT_CREDENTIALS",
"AUTHORIZATION_CODE",
"IMPLICIT"
],
"postLogoutRedirectUris": [
"https://example.com/logout"
],
"redirectUris": [
"https://example.com"
],
"responseTypes": [
"CODE",
"TOKEN",
"ID_TOKEN"
],
"tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC",
"pkceEnforcement": "REQUIRED",
"refreshTokenDuration": 86400,
"refreshTokenRollingDuration": 86400
})
headers = {
'Content-Type': 'application/json',
'Authorization': 'Bearer {{accessToken}}'
}
response = requests.request("POST", url, headers=headers, data=payload)
print(response.text)<?php
require_once 'HTTP/Request2.php';
$request = new HTTP_Request2();
$request->setUrl('{{apiPath}}/environments/{{envID}}/applications');
$request->setMethod(HTTP_Request2::METHOD_POST);
$request->setConfig(array(
'follow_redirects' => TRUE
));
$request->setHeader(array(
'Content-Type' => 'application/json',
'Authorization' => 'Bearer {{accessToken}}'
));
$request->setBody('{\n "enabled": true,\n "name": "WORKER-App7",\n "description": "Test Description - Worker App",\n "type": "WORKER",\n "protocol": "OPENID_CONNECT",\n "homePageUrl": "https://example.com/homePage",\n "loginPageUrl": "https://example.com/loginPage",\n "icon": {\n "id": "{{imageID}}",\n "href": "https://upload.image.org/image.jpg"\n },\n "grantTypes": [\n "CLIENT_CREDENTIALS",\n "AUTHORIZATION_CODE",\n "IMPLICIT"\n ],\n "postLogoutRedirectUris": [\n "https://example.com/logout"\n ],\n "redirectUris": [\n "https://example.com"\n ],\n "responseTypes": [\n "CODE",\n "TOKEN",\n "ID_TOKEN"\n ],\n "tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC",\n "pkceEnforcement": "REQUIRED",\n "refreshTokenDuration": 86400,\n "refreshTokenRollingDuration": 86400\n}');
try {
$response = $request->send();
if ($response->getStatus() == 200) {
echo $response->getBody();
}
else {
echo 'Unexpected HTTP status: ' . $response->getStatus() . ' ' .
$response->getReasonPhrase();
}
}
catch(HTTP_Request2_Exception $e) {
echo 'Error: ' . $e->getMessage();
}require "uri"
require "json"
require "net/http"
url = URI("{{apiPath}}/environments/{{envID}}/applications")
http = Net::HTTP.new(url.host, url.port);
request = Net::HTTP::Post.new(url)
request["Content-Type"] = "application/json"
request["Authorization"] = "Bearer {{accessToken}}"
request.body = JSON.dump({
"enabled": true,
"name": "WORKER-App7",
"description": "Test Description - Worker App",
"type": "WORKER",
"protocol": "OPENID_CONNECT",
"homePageUrl": "https://example.com/homePage",
"loginPageUrl": "https://example.com/loginPage",
"icon": {
"id": "{{imageID}}",
"href": "https://upload.image.org/image.jpg"
},
"grantTypes": [
"CLIENT_CREDENTIALS",
"AUTHORIZATION_CODE",
"IMPLICIT"
],
"postLogoutRedirectUris": [
"https://example.com/logout"
],
"redirectUris": [
"https://example.com"
],
"responseTypes": [
"CODE",
"TOKEN",
"ID_TOKEN"
],
"tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC",
"pkceEnforcement": "REQUIRED",
"refreshTokenDuration": 86400,
"refreshTokenRollingDuration": 86400
})
response = http.request(request)
puts response.read_bodylet parameters = "{\n \"enabled\": true,\n \"name\": \"WORKER-App7\",\n \"description\": \"Test Description - Worker App\",\n \"type\": \"WORKER\",\n \"protocol\": \"OPENID_CONNECT\",\n \"homePageUrl\": \"https://example.com/homePage\",\n \"loginPageUrl\": \"https://example.com/loginPage\",\n \"icon\": {\n \"id\": \"{{imageID}}\",\n \"href\": \"https://upload.image.org/image.jpg\"\n },\n \"grantTypes\": [\n \"CLIENT_CREDENTIALS\",\n \"AUTHORIZATION_CODE\",\n \"IMPLICIT\"\n ],\n \"postLogoutRedirectUris\": [\n \"https://example.com/logout\"\n ],\n \"redirectUris\": [\n \"https://example.com\"\n ],\n \"responseTypes\": [\n \"CODE\",\n \"TOKEN\",\n \"ID_TOKEN\"\n ],\n \"tokenEndpointAuthMethod\": \"CLIENT_SECRET_BASIC\",\n \"pkceEnforcement\": \"REQUIRED\",\n \"refreshTokenDuration\": 86400,\n \"refreshTokenRollingDuration\": 86400\n}"
let postData = parameters.data(using: .utf8)
var request = URLRequest(url: URL(string: "{{apiPath}}/environments/{{envID}}/applications")!,timeoutInterval: Double.infinity)
request.addValue("application/json", forHTTPHeaderField: "Content-Type")
request.addValue("Bearer {{accessToken}}", forHTTPHeaderField: "Authorization")
request.httpMethod = "POST"
request.httpBody = postData
let task = URLSession.shared.dataTask(with: request) { data, response, error in
guard let data = data else {
print(String(describing: error))
return
}
print(String(data: data, encoding: .utf8)!)
}
task.resume()Example Response
201 Created
{
"_links": {
"self": {
"href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/applications/d92621c0-55ec-4d40-a458-dbf91a8831e3"
},
"environment": {
"href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6"
},
"attributes": {
"href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/applications/d92621c0-55ec-4d40-a458-dbf91a8831e3/attributes"
},
"secret": {
"href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/applications/d92621c0-55ec-4d40-a458-dbf91a8831e3/secret"
},
"grants": {
"href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/applications/d92621c0-55ec-4d40-a458-dbf91a8831e3/grants"
},
"roleAssignments": {
"href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/applications/d92621c0-55ec-4d40-a458-dbf91a8831e3/roleAssignments"
}
},
"environment": {
"id": "abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6"
},
"id": "d92621c0-55ec-4d40-a458-dbf91a8831e3",
"name": "WORKER-App7",
"description": "Test Description - Worker App",
"enabled": true,
"type": "WORKER",
"loginPageUrl": "https://example.com/loginPage",
"homePageUrl": "https://example.com/homePage",
"accessControl": {
"role": {
"type": "ADMIN_USERS_ONLY"
}
},
"icon": {
"id": "e8ad78dd-d45c-49b4-974d-8d5e443d4531",
"href": "https://upload.image.org/image.jpg"
},
"protocol": "OPENID_CONNECT",
"createdAt": "2022-10-28T15:29:55.131Z",
"updatedAt": "2022-10-28T15:29:55.131Z",
"assignActorRoles": true,
"responseTypes": [
"CODE",
"ID_TOKEN",
"TOKEN"
],
"grantTypes": [
"AUTHORIZATION_CODE",
"IMPLICIT"
],
"refreshTokenDuration": 86400,
"tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC",
"pkceEnforcement": "REQUIRED",
"postLogoutRedirectUris": [
"https://example.com/logout"
],
"refreshTokenRollingDuration": 86400,
"redirectUris": [
"https://example.com"
]
}