--- title: Create Application (OIDC Protocol - Worker Interactive App) description: Worker applications are administrator applications that interact with PingOne platform APIs. The POST {{apiPath}}/v1/environments/{{envID}}/applications operation adds a new application resource to the specified environment. The WORKER type is intended for admin applications that use the administrator roles to provide access to PingOne resources. For more information about roles, refer to Roles. component: pingone-api page_id: pingone-api:platform:applications/applications-1/create-application-oidc-protocol---worker-interactive-app canonical_url: https://developer.pingidentity.com/pingone-api/platform/applications/applications-1/create-application-oidc-protocol---worker-interactive-app.html section_ids: prerequisites: Prerequisites headers: Headers body: Body example-request: Example Request example-response: Example Response --- # Create Application (OIDC Protocol - Worker Interactive App) ## ```none POST {{apiPath}}/v1/environments/{{envID}}/applications ``` Worker applications are administrator applications that interact with PingOne platform APIs. The `POST {{apiPath}}/v1/environments/{{envID}}/applications` operation adds a new application resource to the specified environment. The WORKER type is intended for admin applications that use the administrator roles to provide access to PingOne resources. For more information about roles, refer to [Roles](../../roles.html). | | | | - | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | This example shows the configuration for an interactive administrator application. For a configuration example of a non-interactive worker application, refer to [Create Application (OIDC Protocol - Worker App)](create-application-oidc-protocol---worker-app.html). Worker applications that use a user-based grant type such as `implicit` or `authorization_code` let you assign only OIDC scopes to the application. When getting a token using a user-based grant type, the user's role assignments are used. | ### Prerequisites * Refer to [Application Operations](../applications-1.html) for important overview information. > **Collapse: Query parameters** > > | Parameter | Description | > | --------- | ---------------------------------------------------------------------------------------------- | > | `expand` | Shows additional information in the `_embedded` resource list. Optional value is `attributes`. | > **Collapse: Request Model** > > **Base application data model (worker application)** > > Refer to [Applications base data model](../applications-1.html#applications-base-data-model) for complete descriptions. > > | Property | Required? | Type | > | ------------------------------- | --------- | ------- | > | `assignActorRoles` | Optional | Boolean | > | `accessControl.role.type` | Optional | String | > | `accessControl.group.type` | Optional | String | > | `accessControl.group.groups` | Optional | Array | > | `accessControl.group.groups.id` | Optional | UUID | > | `description` | Optional | String | > | `enabled` | Required | Boolean | > | `homePageUrl` | Optional | URL | > | `loginPageUrl` | Optional | URL | > | `icon.id` | Optional | UUID | > | `icon.href` | Optional | URL | > | `name` | Required | String | > | `protocol` | Required | String | > | `tags` | Optional | Array | > | `type` | Required | String | > > **Additional OIDC settings** > > Refer to [Applications OIDC settings data model](../applications-1.html#applications-oidc-settings-data-model) for complete descriptions. > > If you set the `protocol` attribute to `OPENID_CONNECT`, you must provide values for the required OIDC settings. Optional settings can be omitted. > > | Property | Required? | Type | > | ----------------------------------------------- | --------- | -------- | > | `additionalRefreshTokenReplayProtectionEnabled` | Optional | Boolean | > | `grantTypes` | Optional | String | > | `jwks` | String | Optional | > | `jwksUrl` | String | Optional | > | `pkceEnforcement` | Optional | String | > | `pkceEnforcement` | Optional | String | > | `postLogoutRedirectUris` | Required | URL | > | `redirectUris` | Required | URL | > | `refreshTokenDuration` | Optional | Integer | > | `refreshTokenRollingDuration` | Optional | Integer | > | `requireSignedRequestObject` | Optional | Boolean | > | `responseTypes` | Required | String | > | `signing` | Optional | Object | > | `signing.keyRotationPolicy` | Required | Object | > | `signing.keyRotationPolicy.id` | Required | String | > | `supportUnsignedRequestObject` | Optional | Boolean | > | `tokenEndpointAuthMethod` | Required | String | ### Headers Authorization      Bearer {{accessToken}} Content-Type      application/json ### Body raw ( application/json ) ```json { "enabled": true, "name": "WORKER-App7", "description": "Test Description - Worker App", "type": "WORKER", "protocol": "OPENID_CONNECT", "homePageUrl": "https://example.com/homePage", "loginPageUrl": "https://example.com/loginPage", "icon": { "id": "{{imageID}}", "href": "https://upload.image.org/image.jpg" }, "grantTypes": [ "CLIENT_CREDENTIALS", "AUTHORIZATION_CODE", "IMPLICIT" ], "postLogoutRedirectUris": [ "https://example.com/logout" ], "redirectUris": [ "https://example.com" ], "responseTypes": [ "CODE", "TOKEN", "ID_TOKEN" ], "tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC", "pkceEnforcement": "REQUIRED", "refreshTokenDuration": 86400, "refreshTokenRollingDuration": 86400 } ``` ## ### Example Request * cURL * C# * Go * HTTP * Java * jQuery * NodeJS * Python * PHP * Ruby * Swift ```shell curl --location --globoff '{{apiPath}}/v1/environments/{{envID}}/applications' \ --header 'Content-Type: application/json' \ --header 'Authorization: Bearer {{accessToken}}' \ --data '{ "enabled": true, "name": "WORKER-App7", "description": "Test Description - Worker App", "type": "WORKER", "protocol": "OPENID_CONNECT", "homePageUrl": "https://example.com/homePage", "loginPageUrl": "https://example.com/loginPage", "icon": { "id": "{{imageID}}", "href": "https://upload.image.org/image.jpg" }, "grantTypes": [ "CLIENT_CREDENTIALS", "AUTHORIZATION_CODE", "IMPLICIT" ], "postLogoutRedirectUris": [ "https://example.com/logout" ], "redirectUris": [ "https://example.com" ], "responseTypes": [ "CODE", "TOKEN", "ID_TOKEN" ], "tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC", "pkceEnforcement": "REQUIRED", "refreshTokenDuration": 86400, "refreshTokenRollingDuration": 86400 }' ``` ```csharp var options = new RestClientOptions("{{apiPath}}/v1/environments/{{envID}}/applications") { MaxTimeout = -1, }; var client = new RestClient(options); var request = new RestRequest("", Method.Post); request.AddHeader("Content-Type", "application/json"); request.AddHeader("Authorization", "Bearer {{accessToken}}"); var body = @"{" + "\n" + @" ""enabled"": true," + "\n" + @" ""name"": ""WORKER-App7""," + "\n" + @" ""description"": ""Test Description - Worker App""," + "\n" + @" ""type"": ""WORKER""," + "\n" + @" ""protocol"": ""OPENID_CONNECT""," + "\n" + @" ""homePageUrl"": ""https://example.com/homePage""," + "\n" + @" ""loginPageUrl"": ""https://example.com/loginPage""," + "\n" + @" ""icon"": {" + "\n" + @" ""id"": ""{{imageID}}""," + "\n" + @" ""href"": ""https://upload.image.org/image.jpg""" + "\n" + @" }," + "\n" + @" ""grantTypes"": [" + "\n" + @" ""CLIENT_CREDENTIALS""," + "\n" + @" ""AUTHORIZATION_CODE""," + "\n" + @" ""IMPLICIT""" + "\n" + @" ]," + "\n" + @" ""postLogoutRedirectUris"": [" + "\n" + @" ""https://example.com/logout""" + "\n" + @" ]," + "\n" + @" ""redirectUris"": [" + "\n" + @" ""https://example.com""" + "\n" + @" ]," + "\n" + @" ""responseTypes"": [" + "\n" + @" ""CODE""," + "\n" + @" ""TOKEN""," + "\n" + @" ""ID_TOKEN""" + "\n" + @" ]," + "\n" + @" ""tokenEndpointAuthMethod"": ""CLIENT_SECRET_BASIC""," + "\n" + @" ""pkceEnforcement"": ""REQUIRED""," + "\n" + @" ""refreshTokenDuration"": 86400," + "\n" + @" ""refreshTokenRollingDuration"": 86400" + "\n" + @"}"; request.AddStringBody(body, DataFormat.Json); RestResponse response = await client.ExecuteAsync(request); Console.WriteLine(response.Content); ``` ```golang package main import ( "fmt" "strings" "net/http" "io" ) func main() { url := "{{apiPath}}/v1/environments/{{envID}}/applications" method := "POST" payload := strings.NewReader(`{ "enabled": true, "name": "WORKER-App7", "description": "Test Description - Worker App", "type": "WORKER", "protocol": "OPENID_CONNECT", "homePageUrl": "https://example.com/homePage", "loginPageUrl": "https://example.com/loginPage", "icon": { "id": "{{imageID}}", "href": "https://upload.image.org/image.jpg" }, "grantTypes": [ "CLIENT_CREDENTIALS", "AUTHORIZATION_CODE", "IMPLICIT" ], "postLogoutRedirectUris": [ "https://example.com/logout" ], "redirectUris": [ "https://example.com" ], "responseTypes": [ "CODE", "TOKEN", "ID_TOKEN" ], "tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC", "pkceEnforcement": "REQUIRED", "refreshTokenDuration": 86400, "refreshTokenRollingDuration": 86400 }`) client := &http.Client { } req, err := http.NewRequest(method, url, payload) if err != nil { fmt.Println(err) return } req.Header.Add("Content-Type", "application/json") req.Header.Add("Authorization", "Bearer {{accessToken}}") res, err := client.Do(req) if err != nil { fmt.Println(err) return } defer res.Body.Close() body, err := io.ReadAll(res.Body) if err != nil { fmt.Println(err) return } fmt.Println(string(body)) } ``` ```http POST /v1/environments/{{envID}}/applications HTTP/1.1 Host: {{apiPath}} Content-Type: application/json Authorization: Bearer {{accessToken}} { "enabled": true, "name": "WORKER-App7", "description": "Test Description - Worker App", "type": "WORKER", "protocol": "OPENID_CONNECT", "homePageUrl": "https://example.com/homePage", "loginPageUrl": "https://example.com/loginPage", "icon": { "id": "{{imageID}}", "href": "https://upload.image.org/image.jpg" }, "grantTypes": [ "CLIENT_CREDENTIALS", "AUTHORIZATION_CODE", "IMPLICIT" ], "postLogoutRedirectUris": [ "https://example.com/logout" ], "redirectUris": [ "https://example.com" ], "responseTypes": [ "CODE", "TOKEN", "ID_TOKEN" ], "tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC", "pkceEnforcement": "REQUIRED", "refreshTokenDuration": 86400, "refreshTokenRollingDuration": 86400 } ``` ```java OkHttpClient client = new OkHttpClient().newBuilder() .build(); MediaType mediaType = MediaType.parse("application/json"); RequestBody body = RequestBody.create(mediaType, "{\n \"enabled\": true,\n \"name\": \"WORKER-App7\",\n \"description\": \"Test Description - Worker App\",\n \"type\": \"WORKER\",\n \"protocol\": \"OPENID_CONNECT\",\n \"homePageUrl\": \"https://example.com/homePage\",\n \"loginPageUrl\": \"https://example.com/loginPage\",\n \"icon\": {\n \"id\": \"{{imageID}}\",\n \"href\": \"https://upload.image.org/image.jpg\"\n },\n \"grantTypes\": [\n \"CLIENT_CREDENTIALS\",\n \"AUTHORIZATION_CODE\",\n \"IMPLICIT\"\n ],\n \"postLogoutRedirectUris\": [\n \"https://example.com/logout\"\n ],\n \"redirectUris\": [\n \"https://example.com\"\n ],\n \"responseTypes\": [\n \"CODE\",\n \"TOKEN\",\n \"ID_TOKEN\"\n ],\n \"tokenEndpointAuthMethod\": \"CLIENT_SECRET_BASIC\",\n \"pkceEnforcement\": \"REQUIRED\",\n \"refreshTokenDuration\": 86400,\n \"refreshTokenRollingDuration\": 86400\n}"); Request request = new Request.Builder() .url("{{apiPath}}/v1/environments/{{envID}}/applications") .method("POST", body) .addHeader("Content-Type", "application/json") .addHeader("Authorization", "Bearer {{accessToken}}") .build(); Response response = client.newCall(request).execute(); ``` ```javascript var settings = { "url": "{{apiPath}}/v1/environments/{{envID}}/applications", "method": "POST", "timeout": 0, "headers": { "Content-Type": "application/json", "Authorization": "Bearer {{accessToken}}" }, "data": JSON.stringify({ "enabled": true, "name": "WORKER-App7", "description": "Test Description - Worker App", "type": "WORKER", "protocol": "OPENID_CONNECT", "homePageUrl": "https://example.com/homePage", "loginPageUrl": "https://example.com/loginPage", "icon": { "id": "{{imageID}}", "href": "https://upload.image.org/image.jpg" }, "grantTypes": [ "CLIENT_CREDENTIALS", "AUTHORIZATION_CODE", "IMPLICIT" ], "postLogoutRedirectUris": [ "https://example.com/logout" ], "redirectUris": [ "https://example.com" ], "responseTypes": [ "CODE", "TOKEN", "ID_TOKEN" ], "tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC", "pkceEnforcement": "REQUIRED", "refreshTokenDuration": 86400, "refreshTokenRollingDuration": 86400 }), }; $.ajax(settings).done(function (response) { console.log(response); }); ``` ```javascript var request = require('request'); var options = { 'method': 'POST', 'url': '{{apiPath}}/v1/environments/{{envID}}/applications', 'headers': { 'Content-Type': 'application/json', 'Authorization': 'Bearer {{accessToken}}' }, body: JSON.stringify({ "enabled": true, "name": "WORKER-App7", "description": "Test Description - Worker App", "type": "WORKER", "protocol": "OPENID_CONNECT", "homePageUrl": "https://example.com/homePage", "loginPageUrl": "https://example.com/loginPage", "icon": { "id": "{{imageID}}", "href": "https://upload.image.org/image.jpg" }, "grantTypes": [ "CLIENT_CREDENTIALS", "AUTHORIZATION_CODE", "IMPLICIT" ], "postLogoutRedirectUris": [ "https://example.com/logout" ], "redirectUris": [ "https://example.com" ], "responseTypes": [ "CODE", "TOKEN", "ID_TOKEN" ], "tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC", "pkceEnforcement": "REQUIRED", "refreshTokenDuration": 86400, "refreshTokenRollingDuration": 86400 }) }; request(options, function (error, response) { if (error) throw new Error(error); console.log(response.body); }); ``` ```python import requests import json url = "{{apiPath}}/v1/environments/{{envID}}/applications" payload = json.dumps({ "enabled": True, "name": "WORKER-App7", "description": "Test Description - Worker App", "type": "WORKER", "protocol": "OPENID_CONNECT", "homePageUrl": "https://example.com/homePage", "loginPageUrl": "https://example.com/loginPage", "icon": { "id": "{{imageID}}", "href": "https://upload.image.org/image.jpg" }, "grantTypes": [ "CLIENT_CREDENTIALS", "AUTHORIZATION_CODE", "IMPLICIT" ], "postLogoutRedirectUris": [ "https://example.com/logout" ], "redirectUris": [ "https://example.com" ], "responseTypes": [ "CODE", "TOKEN", "ID_TOKEN" ], "tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC", "pkceEnforcement": "REQUIRED", "refreshTokenDuration": 86400, "refreshTokenRollingDuration": 86400 }) headers = { 'Content-Type': 'application/json', 'Authorization': 'Bearer {{accessToken}}' } response = requests.request("POST", url, headers=headers, data=payload) print(response.text) ``` ```php setUrl('{{apiPath}}/v1/environments/{{envID}}/applications'); $request->setMethod(HTTP_Request2::METHOD_POST); $request->setConfig(array( 'follow_redirects' => TRUE )); $request->setHeader(array( 'Content-Type' => 'application/json', 'Authorization' => 'Bearer {{accessToken}}' )); $request->setBody('{\n "enabled": true,\n "name": "WORKER-App7",\n "description": "Test Description - Worker App",\n "type": "WORKER",\n "protocol": "OPENID_CONNECT",\n "homePageUrl": "https://example.com/homePage",\n "loginPageUrl": "https://example.com/loginPage",\n "icon": {\n "id": "{{imageID}}",\n "href": "https://upload.image.org/image.jpg"\n },\n "grantTypes": [\n "CLIENT_CREDENTIALS",\n "AUTHORIZATION_CODE",\n "IMPLICIT"\n ],\n "postLogoutRedirectUris": [\n "https://example.com/logout"\n ],\n "redirectUris": [\n "https://example.com"\n ],\n "responseTypes": [\n "CODE",\n "TOKEN",\n "ID_TOKEN"\n ],\n "tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC",\n "pkceEnforcement": "REQUIRED",\n "refreshTokenDuration": 86400,\n "refreshTokenRollingDuration": 86400\n}'); try { $response = $request->send(); if ($response->getStatus() == 200) { echo $response->getBody(); } else { echo 'Unexpected HTTP status: ' . $response->getStatus() . ' ' . $response->getReasonPhrase(); } } catch(HTTP_Request2_Exception $e) { echo 'Error: ' . $e->getMessage(); } ``` ```ruby require "uri" require "json" require "net/http" url = URI("{{apiPath}}/v1/environments/{{envID}}/applications") http = Net::HTTP.new(url.host, url.port); request = Net::HTTP::Post.new(url) request["Content-Type"] = "application/json" request["Authorization"] = "Bearer {{accessToken}}" request.body = JSON.dump({ "enabled": true, "name": "WORKER-App7", "description": "Test Description - Worker App", "type": "WORKER", "protocol": "OPENID_CONNECT", "homePageUrl": "https://example.com/homePage", "loginPageUrl": "https://example.com/loginPage", "icon": { "id": "{{imageID}}", "href": "https://upload.image.org/image.jpg" }, "grantTypes": [ "CLIENT_CREDENTIALS", "AUTHORIZATION_CODE", "IMPLICIT" ], "postLogoutRedirectUris": [ "https://example.com/logout" ], "redirectUris": [ "https://example.com" ], "responseTypes": [ "CODE", "TOKEN", "ID_TOKEN" ], "tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC", "pkceEnforcement": "REQUIRED", "refreshTokenDuration": 86400, "refreshTokenRollingDuration": 86400 }) response = http.request(request) puts response.read_body ``` ```swift let parameters = "{\n \"enabled\": true,\n \"name\": \"WORKER-App7\",\n \"description\": \"Test Description - Worker App\",\n \"type\": \"WORKER\",\n \"protocol\": \"OPENID_CONNECT\",\n \"homePageUrl\": \"https://example.com/homePage\",\n \"loginPageUrl\": \"https://example.com/loginPage\",\n \"icon\": {\n \"id\": \"{{imageID}}\",\n \"href\": \"https://upload.image.org/image.jpg\"\n },\n \"grantTypes\": [\n \"CLIENT_CREDENTIALS\",\n \"AUTHORIZATION_CODE\",\n \"IMPLICIT\"\n ],\n \"postLogoutRedirectUris\": [\n \"https://example.com/logout\"\n ],\n \"redirectUris\": [\n \"https://example.com\"\n ],\n \"responseTypes\": [\n \"CODE\",\n \"TOKEN\",\n \"ID_TOKEN\"\n ],\n \"tokenEndpointAuthMethod\": \"CLIENT_SECRET_BASIC\",\n \"pkceEnforcement\": \"REQUIRED\",\n \"refreshTokenDuration\": 86400,\n \"refreshTokenRollingDuration\": 86400\n}" let postData = parameters.data(using: .utf8) var request = URLRequest(url: URL(string: "{{apiPath}}/v1/environments/{{envID}}/applications")!,timeoutInterval: Double.infinity) request.addValue("application/json", forHTTPHeaderField: "Content-Type") request.addValue("Bearer {{accessToken}}", forHTTPHeaderField: "Authorization") request.httpMethod = "POST" request.httpBody = postData let task = URLSession.shared.dataTask(with: request) { data, response, error in guard let data = data else { print(String(describing: error)) return } print(String(data: data, encoding: .utf8)!) } task.resume() ``` ### Example Response 201 Created ```json { "_links": { "self": { "href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/applications/d92621c0-55ec-4d40-a458-dbf91a8831e3" }, "environment": { "href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6" }, "attributes": { "href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/applications/d92621c0-55ec-4d40-a458-dbf91a8831e3/attributes" }, "secret": { "href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/applications/d92621c0-55ec-4d40-a458-dbf91a8831e3/secret" }, "grants": { "href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/applications/d92621c0-55ec-4d40-a458-dbf91a8831e3/grants" }, "roleAssignments": { "href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/applications/d92621c0-55ec-4d40-a458-dbf91a8831e3/roleAssignments" } }, "environment": { "id": "abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6" }, "id": "d92621c0-55ec-4d40-a458-dbf91a8831e3", "name": "WORKER-App7", "description": "Test Description - Worker App", "enabled": true, "type": "WORKER", "loginPageUrl": "https://example.com/loginPage", "homePageUrl": "https://example.com/homePage", "accessControl": { "role": { "type": "ADMIN_USERS_ONLY" } }, "icon": { "id": "e8ad78dd-d45c-49b4-974d-8d5e443d4531", "href": "https://upload.image.org/image.jpg" }, "protocol": "OPENID_CONNECT", "createdAt": "2022-10-28T15:29:55.131Z", "updatedAt": "2022-10-28T15:29:55.131Z", "assignActorRoles": true, "responseTypes": [ "CODE", "ID_TOKEN", "TOKEN" ], "grantTypes": [ "AUTHORIZATION_CODE", "IMPLICIT" ], "refreshTokenDuration": 86400, "tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC", "pkceEnforcement": "REQUIRED", "postLogoutRedirectUris": [ "https://example.com/logout" ], "refreshTokenRollingDuration": 86400, "redirectUris": [ "https://example.com" ] } ```