PingOne Platform APIs

Create Resource Attribute

   

POST {{apiPath}}/environments/{{envID}}/resources/{{resourceID}}/attributes

The POST {{apiPath}}/environments/{{envID}}/resources/{{resourceID}}/attributes operation adds a new custom resource attribute. The request URL specifies the new attribute’s associated environment ID and resource ID.

The request body must specify values for the attribute name and value properties. The name value must be unique within the specified environment resource and cannot use any of the reserved name values listed in the Resource attributes data model. The request can also specify the optional idToken and userInfo properties to designate whether the created attribute is present as a claim in the ID token, or whether the attribute is returned by the /userinfo endpoint. Note that these properties cannot both be set to false. In the Authorization request header field, the accessToken value is your full base64url-encoded JSON web token generated by the authentication service.

Advanced attribute mappings

You can optionally use PingOne’s expression language for advanced resource attribute mapping. With advanced attribute capabilities, you can write an expression that concatenates two or more user attributes in the value property:

curl --location --request POST '{{apiPath}}/environments/{{envID}}/resources/{{resourceID}}/attributes' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer {{accessToken}}' \
--data-raw '{
    "name": "fullName",
	"value": "${user.name.given + ', ' + user.name.family}"
}'

For more information about PingOne’s expression language, refer to PingOne’s expression language.

Token fulfillment

Claims from a source authentication JWT can be mapped to PingOne tokens using the following expression variables as the value in the attribute mapping:

  • #root.context.requestData.clientAssertion.{{property}}

  • #root.context.requestData.clientAssertion

  • #root.context.requestData.clientAssertionHeader.{{property}}

  • #root.context.requestData.clientAssertionHeader

  • #root.context.requestData

  • #root.context.appConfig.tokenEndpointAuthMethod

To use these expressions and understand the information that gets mapped from the source JWT to the PingOne token, refer to Use an authentication JWT for token fulfillment.

For OIDC applications, if a mapping includes #root:context:requestData, when PingOne creates an ID token for the application, if the application is configured to use the Private Key JWT authentication scheme, PingOne will include the information from the authentication JWT in the ID token when the application provides it at PingOne’s token endpoint for authentication.

Prerequisites

Create a resource to get a resourceID for the endpoint. Refer also to Resources, especially Resource operations.

Request Model
Property Type Required?

name

String

Required

value

String

Required

Refer to the Resource attributes data model for full property descriptions.

Headers

Authorization      Bearer {{accessToken}}

Content-Type      application/json

Body

raw ( application/json )

{
    "name": "firstName",
    "value": "${user.name.given}"
}

Example Request

  • cURL

  • C#

  • Go

  • HTTP

  • Java

  • jQuery

  • NodeJS

  • Python

  • PHP

  • Ruby

  • Swift

curl --location --globoff '{{apiPath}}/environments/{{envID}}/resources/{{resourceID}}/attributes' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer {{accessToken}}' \
--data '{
    "name": "firstName",
    "value": "${user.name.given}"
}'
var options = new RestClientOptions("{{apiPath}}/environments/{{envID}}/resources/{{resourceID}}/attributes")
{
  MaxTimeout = -1,
};
var client = new RestClient(options);
var request = new RestRequest("", Method.Post);
request.AddHeader("Content-Type", "application/json");
request.AddHeader("Authorization", "Bearer {{accessToken}}");
var body = @"{" + "\n" +
@"    ""name"": ""firstName""," + "\n" +
@"    ""value"": ""${user.name.given}""" + "\n" +
@"}";
request.AddStringBody(body, DataFormat.Json);
RestResponse response = await client.ExecuteAsync(request);
Console.WriteLine(response.Content);
package main

import (
  "fmt"
  "strings"
  "net/http"
  "io"
)

func main() {

  url := "{{apiPath}}/environments/{{envID}}/resources/{{resourceID}}/attributes"
  method := "POST"

  payload := strings.NewReader(`{
    "name": "firstName",
    "value": "${user.name.given}"
}`)

  client := &http.Client {
  }
  req, err := http.NewRequest(method, url, payload)

  if err != nil {
    fmt.Println(err)
    return
  }
  req.Header.Add("Content-Type", "application/json")
  req.Header.Add("Authorization", "Bearer {{accessToken}}")

  res, err := client.Do(req)
  if err != nil {
    fmt.Println(err)
    return
  }
  defer res.Body.Close()

  body, err := io.ReadAll(res.Body)
  if err != nil {
    fmt.Println(err)
    return
  }
  fmt.Println(string(body))
}
POST /environments/{{envID}}/resources/{{resourceID}}/attributes HTTP/1.1
Host: {{apiPath}}
Content-Type: application/json
Authorization: Bearer {{accessToken}}

{
    "name": "firstName",
    "value": "${user.name.given}"
}
OkHttpClient client = new OkHttpClient().newBuilder()
  .build();
MediaType mediaType = MediaType.parse("application/json");
RequestBody body = RequestBody.create(mediaType, "{\n    \"name\": \"firstName\",\n    \"value\": \"${user.name.given}\"\n}");
Request request = new Request.Builder()
  .url("{{apiPath}}/environments/{{envID}}/resources/{{resourceID}}/attributes")
  .method("POST", body)
  .addHeader("Content-Type", "application/json")
  .addHeader("Authorization", "Bearer {{accessToken}}")
  .build();
Response response = client.newCall(request).execute();
var settings = {
  "url": "{{apiPath}}/environments/{{envID}}/resources/{{resourceID}}/attributes",
  "method": "POST",
  "timeout": 0,
  "headers": {
    "Content-Type": "application/json",
    "Authorization": "Bearer {{accessToken}}"
  },
  "data": JSON.stringify({
    "name": "firstName",
    "value": "${user.name.given}"
  }),
};

$.ajax(settings).done(function (response) {
  console.log(response);
});
var request = require('request');
var options = {
  'method': 'POST',
  'url': '{{apiPath}}/environments/{{envID}}/resources/{{resourceID}}/attributes',
  'headers': {
    'Content-Type': 'application/json',
    'Authorization': 'Bearer {{accessToken}}'
  },
  body: JSON.stringify({
    "name": "firstName",
    "value": "${user.name.given}"
  })

};
request(options, function (error, response) {
  if (error) throw new Error(error);
  console.log(response.body);
});
import requests
import json

url = "{{apiPath}}/environments/{{envID}}/resources/{{resourceID}}/attributes"

payload = json.dumps({
  "name": "firstName",
  "value": "${user.name.given}"
})
headers = {
  'Content-Type': 'application/json',
  'Authorization': 'Bearer {{accessToken}}'
}

response = requests.request("POST", url, headers=headers, data=payload)

print(response.text)
<?php
require_once 'HTTP/Request2.php';
$request = new HTTP_Request2();
$request->setUrl('{{apiPath}}/environments/{{envID}}/resources/{{resourceID}}/attributes');
$request->setMethod(HTTP_Request2::METHOD_POST);
$request->setConfig(array(
  'follow_redirects' => TRUE
));
$request->setHeader(array(
  'Content-Type' => 'application/json',
  'Authorization' => 'Bearer {{accessToken}}'
));
$request->setBody('{\n    "name": "firstName",\n    "value": "${user.name.given}"\n}');
try {
  $response = $request->send();
  if ($response->getStatus() == 200) {
    echo $response->getBody();
  }
  else {
    echo 'Unexpected HTTP status: ' . $response->getStatus() . ' ' .
    $response->getReasonPhrase();
  }
}
catch(HTTP_Request2_Exception $e) {
  echo 'Error: ' . $e->getMessage();
}
require "uri"
require "json"
require "net/http"

url = URI("{{apiPath}}/environments/{{envID}}/resources/{{resourceID}}/attributes")

http = Net::HTTP.new(url.host, url.port);
request = Net::HTTP::Post.new(url)
request["Content-Type"] = "application/json"
request["Authorization"] = "Bearer {{accessToken}}"
request.body = JSON.dump({
  "name": "firstName",
  "value": "\${user.name.given}"
})

response = http.request(request)
puts response.read_body
let parameters = "{\n    \"name\": \"firstName\",\n    \"value\": \"${user.name.given}\"\n}"
let postData = parameters.data(using: .utf8)

var request = URLRequest(url: URL(string: "{{apiPath}}/environments/{{envID}}/resources/{{resourceID}}/attributes")!,timeoutInterval: Double.infinity)
request.addValue("application/json", forHTTPHeaderField: "Content-Type")
request.addValue("Bearer {{accessToken}}", forHTTPHeaderField: "Authorization")

request.httpMethod = "POST"
request.httpBody = postData

let task = URLSession.shared.dataTask(with: request) { data, response, error in
  guard let data = data else {
    print(String(describing: error))
    return
  }
  print(String(data: data, encoding: .utf8)!)
}

task.resume()

Example Response

201 Created

{
    "_links": {
        "self": {
            "href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/resources/faac7db8-67ce-44aa-8ae0-5ae672f5b8bf/attributes/d13991db-145a-4f4c-802e-3f6526cb246c"
        },
        "environment": {
            "href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6"
        },
        "resource": {
            "href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/resources/faac7db8-67ce-44aa-8ae0-5ae672f5b8bf"
        }
    },
    "id": "d13991db-145a-4f4c-802e-3f6526cb246c",
    "environment": {
        "id": "abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6"
    },
    "name": "firstName",
    "value": "${user.name.given}",
    "type": "CUSTOM",
    "resource": {
        "id": "faac7db8-67ce-44aa-8ae0-5ae672f5b8bf"
    }
}