Step 1: Create a single-page application
POST {{apiPath}}/environments/{{envID}}/applicationsYou can use the POST {{apiPath}}/environments/{{envID}}/applications endpoint to create the new single-page application. To configure this application to use PKCE to authenticate the token request, set the application’s pkceEnforcement property to S256_REQUIRED. With PKCE enforcement enabled, you must set the application’s tokenEndpointAuthMethod property to NONE.
The response data returns information about the new application, including its id property, which identifies the UUID for this application resource. The application’s ID is required in Step 5 to make the authorization request and in Step 9 to make the token request.
Body
raw ( application/json )
{
"enabled": true,
"name": "SPA_withAuthCode{{$timestamp}}",
"description": "OIDC App (Single Page App)",
"type": "SINGLE_PAGE_APP",
"protocol": "OPENID_CONNECT",
"grantTypes": [
"AUTHORIZATION_CODE"
],
"redirectUris": [
"https://example.com"
],
"responseTypes": [
"CODE"
],
"tokenEndpointAuthMethod": "NONE",
"pkceEnforcement": "S256_REQUIRED",
"refreshTokenDuration": 86400,
"refreshTokenRollingDuration": 86400
}Example Request
-
cURL
-
C#
-
Go
-
HTTP
-
Java
-
jQuery
-
NodeJS
-
Python
-
PHP
-
Ruby
-
Swift
curl --location --globoff '{{apiPath}}/environments/{{envID}}/applications' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer {{accessToken}}' \
--data '{
"enabled": true,
"name": "SPA_withAuthCode{{$timestamp}}",
"description": "OIDC App (Single Page App)",
"type": "SINGLE_PAGE_APP",
"protocol": "OPENID_CONNECT",
"grantTypes": [
"AUTHORIZATION_CODE"
],
"redirectUris": [
"https://example.com"
],
"responseTypes": [
"CODE"
],
"tokenEndpointAuthMethod": "NONE",
"pkceEnforcement": "S256_REQUIRED",
"refreshTokenDuration": 86400,
"refreshTokenRollingDuration": 86400
}'var options = new RestClientOptions("{{apiPath}}/environments/{{envID}}/applications")
{
MaxTimeout = -1,
};
var client = new RestClient(options);
var request = new RestRequest("", Method.Post);
request.AddHeader("Content-Type", "application/json");
request.AddHeader("Authorization", "Bearer {{accessToken}}");
var body = @"{" + "\n" +
@" ""enabled"": true," + "\n" +
@" ""name"": ""SPA_withAuthCode{{$timestamp}}""," + "\n" +
@" ""description"": ""OIDC App (Single Page App)""," + "\n" +
@" ""type"": ""SINGLE_PAGE_APP""," + "\n" +
@" ""protocol"": ""OPENID_CONNECT""," + "\n" +
@" ""grantTypes"": [" + "\n" +
@" ""AUTHORIZATION_CODE""" + "\n" +
@" ]," + "\n" +
@" ""redirectUris"": [" + "\n" +
@" ""https://example.com""" + "\n" +
@" ]," + "\n" +
@" ""responseTypes"": [" + "\n" +
@" ""CODE""" + "\n" +
@" ]," + "\n" +
@" ""tokenEndpointAuthMethod"": ""NONE""," + "\n" +
@" ""pkceEnforcement"": ""S256_REQUIRED""," + "\n" +
@" ""refreshTokenDuration"": 86400," + "\n" +
@" ""refreshTokenRollingDuration"": 86400" + "\n" +
@"}";
request.AddStringBody(body, DataFormat.Json);
RestResponse response = await client.ExecuteAsync(request);
Console.WriteLine(response.Content);package main
import (
"fmt"
"strings"
"net/http"
"io"
)
func main() {
url := "{{apiPath}}/environments/{{envID}}/applications"
method := "POST"
payload := strings.NewReader(`{
"enabled": true,
"name": "SPA_withAuthCode{{$timestamp}}",
"description": "OIDC App (Single Page App)",
"type": "SINGLE_PAGE_APP",
"protocol": "OPENID_CONNECT",
"grantTypes": [
"AUTHORIZATION_CODE"
],
"redirectUris": [
"https://example.com"
],
"responseTypes": [
"CODE"
],
"tokenEndpointAuthMethod": "NONE",
"pkceEnforcement": "S256_REQUIRED",
"refreshTokenDuration": 86400,
"refreshTokenRollingDuration": 86400
}`)
client := &http.Client {
}
req, err := http.NewRequest(method, url, payload)
if err != nil {
fmt.Println(err)
return
}
req.Header.Add("Content-Type", "application/json")
req.Header.Add("Authorization", "Bearer {{accessToken}}")
res, err := client.Do(req)
if err != nil {
fmt.Println(err)
return
}
defer res.Body.Close()
body, err := io.ReadAll(res.Body)
if err != nil {
fmt.Println(err)
return
}
fmt.Println(string(body))
}POST /environments/{{envID}}/applications HTTP/1.1
Host: {{apiPath}}
Content-Type: application/json
Authorization: Bearer {{accessToken}}
{
"enabled": true,
"name": "SPA_withAuthCode{{$timestamp}}",
"description": "OIDC App (Single Page App)",
"type": "SINGLE_PAGE_APP",
"protocol": "OPENID_CONNECT",
"grantTypes": [
"AUTHORIZATION_CODE"
],
"redirectUris": [
"https://example.com"
],
"responseTypes": [
"CODE"
],
"tokenEndpointAuthMethod": "NONE",
"pkceEnforcement": "S256_REQUIRED",
"refreshTokenDuration": 86400,
"refreshTokenRollingDuration": 86400
}OkHttpClient client = new OkHttpClient().newBuilder()
.build();
MediaType mediaType = MediaType.parse("application/json");
RequestBody body = RequestBody.create(mediaType, "{\n \"enabled\": true,\n \"name\": \"SPA_withAuthCode{{$timestamp}}\",\n \"description\": \"OIDC App (Single Page App)\",\n \"type\": \"SINGLE_PAGE_APP\",\n \"protocol\": \"OPENID_CONNECT\",\n \"grantTypes\": [\n \"AUTHORIZATION_CODE\"\n ],\n \"redirectUris\": [\n \"https://example.com\"\n ],\n \"responseTypes\": [\n \"CODE\"\n ],\n \"tokenEndpointAuthMethod\": \"NONE\",\n \"pkceEnforcement\": \"S256_REQUIRED\",\n \"refreshTokenDuration\": 86400,\n \"refreshTokenRollingDuration\": 86400\n}");
Request request = new Request.Builder()
.url("{{apiPath}}/environments/{{envID}}/applications")
.method("POST", body)
.addHeader("Content-Type", "application/json")
.addHeader("Authorization", "Bearer {{accessToken}}")
.build();
Response response = client.newCall(request).execute();var settings = {
"url": "{{apiPath}}/environments/{{envID}}/applications",
"method": "POST",
"timeout": 0,
"headers": {
"Content-Type": "application/json",
"Authorization": "Bearer {{accessToken}}"
},
"data": JSON.stringify({
"enabled": true,
"name": "SPA_withAuthCode{{$timestamp}}",
"description": "OIDC App (Single Page App)",
"type": "SINGLE_PAGE_APP",
"protocol": "OPENID_CONNECT",
"grantTypes": [
"AUTHORIZATION_CODE"
],
"redirectUris": [
"https://example.com"
],
"responseTypes": [
"CODE"
],
"tokenEndpointAuthMethod": "NONE",
"pkceEnforcement": "S256_REQUIRED",
"refreshTokenDuration": 86400,
"refreshTokenRollingDuration": 86400
}),
};
$.ajax(settings).done(function (response) {
console.log(response);
});var request = require('request');
var options = {
'method': 'POST',
'url': '{{apiPath}}/environments/{{envID}}/applications',
'headers': {
'Content-Type': 'application/json',
'Authorization': 'Bearer {{accessToken}}'
},
body: JSON.stringify({
"enabled": true,
"name": "SPA_withAuthCode{{$timestamp}}",
"description": "OIDC App (Single Page App)",
"type": "SINGLE_PAGE_APP",
"protocol": "OPENID_CONNECT",
"grantTypes": [
"AUTHORIZATION_CODE"
],
"redirectUris": [
"https://example.com"
],
"responseTypes": [
"CODE"
],
"tokenEndpointAuthMethod": "NONE",
"pkceEnforcement": "S256_REQUIRED",
"refreshTokenDuration": 86400,
"refreshTokenRollingDuration": 86400
})
};
request(options, function (error, response) {
if (error) throw new Error(error);
console.log(response.body);
});import requests
import json
url = "{{apiPath}}/environments/{{envID}}/applications"
payload = json.dumps({
"enabled": True,
"name": "SPA_withAuthCode{{$timestamp}}",
"description": "OIDC App (Single Page App)",
"type": "SINGLE_PAGE_APP",
"protocol": "OPENID_CONNECT",
"grantTypes": [
"AUTHORIZATION_CODE"
],
"redirectUris": [
"https://example.com"
],
"responseTypes": [
"CODE"
],
"tokenEndpointAuthMethod": "NONE",
"pkceEnforcement": "S256_REQUIRED",
"refreshTokenDuration": 86400,
"refreshTokenRollingDuration": 86400
})
headers = {
'Content-Type': 'application/json',
'Authorization': 'Bearer {{accessToken}}'
}
response = requests.request("POST", url, headers=headers, data=payload)
print(response.text)<?php
require_once 'HTTP/Request2.php';
$request = new HTTP_Request2();
$request->setUrl('{{apiPath}}/environments/{{envID}}/applications');
$request->setMethod(HTTP_Request2::METHOD_POST);
$request->setConfig(array(
'follow_redirects' => TRUE
));
$request->setHeader(array(
'Content-Type' => 'application/json',
'Authorization' => 'Bearer {{accessToken}}'
));
$request->setBody('{\n "enabled": true,\n "name": "SPA_withAuthCode{{$timestamp}}",\n "description": "OIDC App (Single Page App)",\n "type": "SINGLE_PAGE_APP",\n "protocol": "OPENID_CONNECT",\n "grantTypes": [\n "AUTHORIZATION_CODE"\n ],\n "redirectUris": [\n "https://example.com"\n ],\n "responseTypes": [\n "CODE"\n ],\n "tokenEndpointAuthMethod": "NONE",\n "pkceEnforcement": "S256_REQUIRED",\n "refreshTokenDuration": 86400,\n "refreshTokenRollingDuration": 86400\n}');
try {
$response = $request->send();
if ($response->getStatus() == 200) {
echo $response->getBody();
}
else {
echo 'Unexpected HTTP status: ' . $response->getStatus() . ' ' .
$response->getReasonPhrase();
}
}
catch(HTTP_Request2_Exception $e) {
echo 'Error: ' . $e->getMessage();
}require "uri"
require "json"
require "net/http"
url = URI("{{apiPath}}/environments/{{envID}}/applications")
http = Net::HTTP.new(url.host, url.port);
request = Net::HTTP::Post.new(url)
request["Content-Type"] = "application/json"
request["Authorization"] = "Bearer {{accessToken}}"
request.body = JSON.dump({
"enabled": true,
"name": "SPA_withAuthCode{{\$timestamp}}",
"description": "OIDC App (Single Page App)",
"type": "SINGLE_PAGE_APP",
"protocol": "OPENID_CONNECT",
"grantTypes": [
"AUTHORIZATION_CODE"
],
"redirectUris": [
"https://example.com"
],
"responseTypes": [
"CODE"
],
"tokenEndpointAuthMethod": "NONE",
"pkceEnforcement": "S256_REQUIRED",
"refreshTokenDuration": 86400,
"refreshTokenRollingDuration": 86400
})
response = http.request(request)
puts response.read_bodylet parameters = "{\n \"enabled\": true,\n \"name\": \"SPA_withAuthCode{{$timestamp}}\",\n \"description\": \"OIDC App (Single Page App)\",\n \"type\": \"SINGLE_PAGE_APP\",\n \"protocol\": \"OPENID_CONNECT\",\n \"grantTypes\": [\n \"AUTHORIZATION_CODE\"\n ],\n \"redirectUris\": [\n \"https://example.com\"\n ],\n \"responseTypes\": [\n \"CODE\"\n ],\n \"tokenEndpointAuthMethod\": \"NONE\",\n \"pkceEnforcement\": \"S256_REQUIRED\",\n \"refreshTokenDuration\": 86400,\n \"refreshTokenRollingDuration\": 86400\n}"
let postData = parameters.data(using: .utf8)
var request = URLRequest(url: URL(string: "{{apiPath}}/environments/{{envID}}/applications")!,timeoutInterval: Double.infinity)
request.addValue("application/json", forHTTPHeaderField: "Content-Type")
request.addValue("Bearer {{accessToken}}", forHTTPHeaderField: "Authorization")
request.httpMethod = "POST"
request.httpBody = postData
let task = URLSession.shared.dataTask(with: request) { data, response, error in
guard let data = data else {
print(String(describing: error))
return
}
print(String(data: data, encoding: .utf8)!)
}
task.resume()Example Response
201 Created
{
"_links": {
"self": {
"href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/applications/15a89774-c504-4993-bc9d-71bec1392e1c"
},
"environment": {
"href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6"
},
"attributes": {
"href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/applications/15a89774-c504-4993-bc9d-71bec1392e1c/attributes"
},
"secret": {
"href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/applications/15a89774-c504-4993-bc9d-71bec1392e1c/secret"
},
"grants": {
"href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/applications/15a89774-c504-4993-bc9d-71bec1392e1c/grants"
},
"keyRotationPolicy": {
"href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/keyRotationPolicies/38c6ccb0-bfd9-4e6b-ace7-4651c52a3c2c"
}
},
"environment": {
"id": "abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6"
},
"id": "15a89774-c504-4993-bc9d-71bec1392e1c",
"name": "SPA_withAuthCode1721677860",
"description": "OIDC App (Single Page App)",
"enabled": true,
"hiddenFromAppPortal": false,
"type": "SINGLE_PAGE_APP",
"protocol": "OPENID_CONNECT",
"createdAt": "2024-07-22T19:50:59.934Z",
"updatedAt": "2024-07-22T19:50:59.934Z",
"assignActorRoles": false,
"responseTypes": [
"CODE"
],
"pkceEnforcement": "S256_REQUIRED",
"redirectUris": [
"https://example.com"
],
"deviceTimeout": 600,
"grantTypes": [
"AUTHORIZATION_CODE"
],
"refreshTokenDuration": 86400,
"additionalRefreshTokenReplayProtectionEnabled": true,
"tokenEndpointAuthMethod": "NONE",
"refreshTokenRollingDuration": 86400,
"parRequirement": "OPTIONAL",
"devicePollingInterval": 5,
"parTimeout": 60,
"signing": {
"keyRotationPolicy": {
"id": "38c6ccb0-bfd9-4e6b-ace7-4651c52a3c2c"
}
}
}