Step 1: Create an application
POST {{apiPath}}/environments/{{envID}}/applicationsYou can use the POST {{apiPath}}/environments/{{envID}}/applications endpoint to create the new application. In this case, to return a refresh token, the application’s grantTypes property specifies both the AUTHORIZATION_CODE and the REFRESH_TOKEN grant types.
For the REFRESH_TOKEN grant, the application configuration supports the following properties in the request body:
-
refreshTokenDurationThe lifetime in seconds of the refresh token.
-
refreshTokenRollingDurationThe number of seconds a refresh token can be exchanged before re-authentication is required.
-
refreshTokenRollingGracePeriodDurationThe number of seconds that a refresh token may be reused after having been exchanged for a new set of tokens.
The response data returns information about the new application, including its id property, which identifies the UUID for this application resource. The application’s UUID is required in the next step to get the application’s secret.
Body
raw ( application/json )
{
"name": "AppWithCodeGrant_{{$timestamp}}",
"enabled": true,
"type": "WEB_APP",
"protocol": "OPENID_CONNECT",
"responseTypes": [
"CODE"
],
"grantTypes": [
"AUTHORIZATION_CODE",
"REFRESH_TOKEN"
],
"tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC",
"refreshTokenDuration": 2592000,
"refreshTokenRollingDuration": 2592000,
"refreshTokenRollingGracePeriodDuration": 60,
"postLogoutRedirectUris": [
"https://www.example.com"
],
"redirectUris": [
"https://www.example.com"
]
}Example Request
-
cURL
-
C#
-
Go
-
HTTP
-
Java
-
jQuery
-
NodeJS
-
Python
-
PHP
-
Ruby
-
Swift
curl --location --globoff '{{apiPath}}/environments/{{envID}}/applications' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer {{accessToken}}' \
--data '{
"name": "AppWithCodeGrant_{{$timestamp}}",
"enabled": true,
"type": "WEB_APP",
"protocol": "OPENID_CONNECT",
"responseTypes": [
"CODE"
],
"grantTypes": [
"AUTHORIZATION_CODE",
"REFRESH_TOKEN"
],
"tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC",
"refreshTokenDuration": 2592000,
"refreshTokenRollingDuration": 2592000,
"refreshTokenRollingGracePeriodDuration": 60,
"postLogoutRedirectUris": [
"https://www.example.com"
],
"redirectUris": [
"https://www.example.com"
]
}'var options = new RestClientOptions("{{apiPath}}/environments/{{envID}}/applications")
{
MaxTimeout = -1,
};
var client = new RestClient(options);
var request = new RestRequest("", Method.Post);
request.AddHeader("Content-Type", "application/json");
request.AddHeader("Authorization", "Bearer {{accessToken}}");
var body = @"{" + "\n" +
@" ""name"": ""AppWithCodeGrant_{{$timestamp}}""," + "\n" +
@" ""enabled"": true," + "\n" +
@" ""type"": ""WEB_APP""," + "\n" +
@" ""protocol"": ""OPENID_CONNECT""," + "\n" +
@" ""responseTypes"": [" + "\n" +
@" ""CODE""" + "\n" +
@" ]," + "\n" +
@" ""grantTypes"": [" + "\n" +
@" ""AUTHORIZATION_CODE""," + "\n" +
@" ""REFRESH_TOKEN""" + "\n" +
@" ]," + "\n" +
@" ""tokenEndpointAuthMethod"": ""CLIENT_SECRET_BASIC""," + "\n" +
@" ""refreshTokenDuration"": 2592000," + "\n" +
@" ""refreshTokenRollingDuration"": 2592000," + "\n" +
@" ""refreshTokenRollingGracePeriodDuration"": 60," + "\n" +
@" ""postLogoutRedirectUris"": [" + "\n" +
@" ""https://www.example.com""" + "\n" +
@" ]," + "\n" +
@" ""redirectUris"": [" + "\n" +
@" ""https://www.example.com""" + "\n" +
@" ]" + "\n" +
@"}";
request.AddStringBody(body, DataFormat.Json);
RestResponse response = await client.ExecuteAsync(request);
Console.WriteLine(response.Content);package main
import (
"fmt"
"strings"
"net/http"
"io"
)
func main() {
url := "{{apiPath}}/environments/{{envID}}/applications"
method := "POST"
payload := strings.NewReader(`{
"name": "AppWithCodeGrant_{{$timestamp}}",
"enabled": true,
"type": "WEB_APP",
"protocol": "OPENID_CONNECT",
"responseTypes": [
"CODE"
],
"grantTypes": [
"AUTHORIZATION_CODE",
"REFRESH_TOKEN"
],
"tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC",
"refreshTokenDuration": 2592000,
"refreshTokenRollingDuration": 2592000,
"refreshTokenRollingGracePeriodDuration": 60,
"postLogoutRedirectUris": [
"https://www.example.com"
],
"redirectUris": [
"https://www.example.com"
]
}`)
client := &http.Client {
}
req, err := http.NewRequest(method, url, payload)
if err != nil {
fmt.Println(err)
return
}
req.Header.Add("Content-Type", "application/json")
req.Header.Add("Authorization", "Bearer {{accessToken}}")
res, err := client.Do(req)
if err != nil {
fmt.Println(err)
return
}
defer res.Body.Close()
body, err := io.ReadAll(res.Body)
if err != nil {
fmt.Println(err)
return
}
fmt.Println(string(body))
}POST /environments/{{envID}}/applications HTTP/1.1
Host: {{apiPath}}
Content-Type: application/json
Authorization: Bearer {{accessToken}}
{
"name": "AppWithCodeGrant_{{$timestamp}}",
"enabled": true,
"type": "WEB_APP",
"protocol": "OPENID_CONNECT",
"responseTypes": [
"CODE"
],
"grantTypes": [
"AUTHORIZATION_CODE",
"REFRESH_TOKEN"
],
"tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC",
"refreshTokenDuration": 2592000,
"refreshTokenRollingDuration": 2592000,
"refreshTokenRollingGracePeriodDuration": 60,
"postLogoutRedirectUris": [
"https://www.example.com"
],
"redirectUris": [
"https://www.example.com"
]
}OkHttpClient client = new OkHttpClient().newBuilder()
.build();
MediaType mediaType = MediaType.parse("application/json");
RequestBody body = RequestBody.create(mediaType, "{\n \"name\": \"AppWithCodeGrant_{{$timestamp}}\",\n \"enabled\": true,\n \"type\": \"WEB_APP\",\n \"protocol\": \"OPENID_CONNECT\",\n \"responseTypes\": [\n \"CODE\"\n ],\n \"grantTypes\": [\n \"AUTHORIZATION_CODE\",\n \"REFRESH_TOKEN\"\n ],\n \"tokenEndpointAuthMethod\": \"CLIENT_SECRET_BASIC\",\n \"refreshTokenDuration\": 2592000,\n \"refreshTokenRollingDuration\": 2592000,\n \"refreshTokenRollingGracePeriodDuration\": 60,\n \"postLogoutRedirectUris\": [\n \"https://www.example.com\"\n ],\n \"redirectUris\": [\n \"https://www.example.com\"\n ]\n}");
Request request = new Request.Builder()
.url("{{apiPath}}/environments/{{envID}}/applications")
.method("POST", body)
.addHeader("Content-Type", "application/json")
.addHeader("Authorization", "Bearer {{accessToken}}")
.build();
Response response = client.newCall(request).execute();var settings = {
"url": "{{apiPath}}/environments/{{envID}}/applications",
"method": "POST",
"timeout": 0,
"headers": {
"Content-Type": "application/json",
"Authorization": "Bearer {{accessToken}}"
},
"data": JSON.stringify({
"name": "AppWithCodeGrant_{{$timestamp}}",
"enabled": true,
"type": "WEB_APP",
"protocol": "OPENID_CONNECT",
"responseTypes": [
"CODE"
],
"grantTypes": [
"AUTHORIZATION_CODE",
"REFRESH_TOKEN"
],
"tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC",
"refreshTokenDuration": 2592000,
"refreshTokenRollingDuration": 2592000,
"refreshTokenRollingGracePeriodDuration": 60,
"postLogoutRedirectUris": [
"https://www.example.com"
],
"redirectUris": [
"https://www.example.com"
]
}),
};
$.ajax(settings).done(function (response) {
console.log(response);
});var request = require('request');
var options = {
'method': 'POST',
'url': '{{apiPath}}/environments/{{envID}}/applications',
'headers': {
'Content-Type': 'application/json',
'Authorization': 'Bearer {{accessToken}}'
},
body: JSON.stringify({
"name": "AppWithCodeGrant_{{$timestamp}}",
"enabled": true,
"type": "WEB_APP",
"protocol": "OPENID_CONNECT",
"responseTypes": [
"CODE"
],
"grantTypes": [
"AUTHORIZATION_CODE",
"REFRESH_TOKEN"
],
"tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC",
"refreshTokenDuration": 2592000,
"refreshTokenRollingDuration": 2592000,
"refreshTokenRollingGracePeriodDuration": 60,
"postLogoutRedirectUris": [
"https://www.example.com"
],
"redirectUris": [
"https://www.example.com"
]
})
};
request(options, function (error, response) {
if (error) throw new Error(error);
console.log(response.body);
});import requests
import json
url = "{{apiPath}}/environments/{{envID}}/applications"
payload = json.dumps({
"name": "AppWithCodeGrant_{{$timestamp}}",
"enabled": True,
"type": "WEB_APP",
"protocol": "OPENID_CONNECT",
"responseTypes": [
"CODE"
],
"grantTypes": [
"AUTHORIZATION_CODE",
"REFRESH_TOKEN"
],
"tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC",
"refreshTokenDuration": 2592000,
"refreshTokenRollingDuration": 2592000,
"refreshTokenRollingGracePeriodDuration": 60,
"postLogoutRedirectUris": [
"https://www.example.com"
],
"redirectUris": [
"https://www.example.com"
]
})
headers = {
'Content-Type': 'application/json',
'Authorization': 'Bearer {{accessToken}}'
}
response = requests.request("POST", url, headers=headers, data=payload)
print(response.text)<?php
require_once 'HTTP/Request2.php';
$request = new HTTP_Request2();
$request->setUrl('{{apiPath}}/environments/{{envID}}/applications');
$request->setMethod(HTTP_Request2::METHOD_POST);
$request->setConfig(array(
'follow_redirects' => TRUE
));
$request->setHeader(array(
'Content-Type' => 'application/json',
'Authorization' => 'Bearer {{accessToken}}'
));
$request->setBody('{\n "name": "AppWithCodeGrant_{{$timestamp}}",\n "enabled": true,\n "type": "WEB_APP",\n "protocol": "OPENID_CONNECT",\n "responseTypes": [\n "CODE"\n ],\n "grantTypes": [\n "AUTHORIZATION_CODE",\n "REFRESH_TOKEN"\n ],\n "tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC",\n "refreshTokenDuration": 2592000,\n "refreshTokenRollingDuration": 2592000,\n "refreshTokenRollingGracePeriodDuration": 60,\n "postLogoutRedirectUris": [\n "https://www.example.com"\n ],\n "redirectUris": [\n "https://www.example.com"\n ]\n}');
try {
$response = $request->send();
if ($response->getStatus() == 200) {
echo $response->getBody();
}
else {
echo 'Unexpected HTTP status: ' . $response->getStatus() . ' ' .
$response->getReasonPhrase();
}
}
catch(HTTP_Request2_Exception $e) {
echo 'Error: ' . $e->getMessage();
}require "uri"
require "json"
require "net/http"
url = URI("{{apiPath}}/environments/{{envID}}/applications")
http = Net::HTTP.new(url.host, url.port);
request = Net::HTTP::Post.new(url)
request["Content-Type"] = "application/json"
request["Authorization"] = "Bearer {{accessToken}}"
request.body = JSON.dump({
"name": "AppWithCodeGrant_{{\$timestamp}}",
"enabled": true,
"type": "WEB_APP",
"protocol": "OPENID_CONNECT",
"responseTypes": [
"CODE"
],
"grantTypes": [
"AUTHORIZATION_CODE",
"REFRESH_TOKEN"
],
"tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC",
"refreshTokenDuration": 2592000,
"refreshTokenRollingDuration": 2592000,
"refreshTokenRollingGracePeriodDuration": 60,
"postLogoutRedirectUris": [
"https://www.example.com"
],
"redirectUris": [
"https://www.example.com"
]
})
response = http.request(request)
puts response.read_bodylet parameters = "{\n \"name\": \"AppWithCodeGrant_{{$timestamp}}\",\n \"enabled\": true,\n \"type\": \"WEB_APP\",\n \"protocol\": \"OPENID_CONNECT\",\n \"responseTypes\": [\n \"CODE\"\n ],\n \"grantTypes\": [\n \"AUTHORIZATION_CODE\",\n \"REFRESH_TOKEN\"\n ],\n \"tokenEndpointAuthMethod\": \"CLIENT_SECRET_BASIC\",\n \"refreshTokenDuration\": 2592000,\n \"refreshTokenRollingDuration\": 2592000,\n \"refreshTokenRollingGracePeriodDuration\": 60,\n \"postLogoutRedirectUris\": [\n \"https://www.example.com\"\n ],\n \"redirectUris\": [\n \"https://www.example.com\"\n ]\n}"
let postData = parameters.data(using: .utf8)
var request = URLRequest(url: URL(string: "{{apiPath}}/environments/{{envID}}/applications")!,timeoutInterval: Double.infinity)
request.addValue("application/json", forHTTPHeaderField: "Content-Type")
request.addValue("Bearer {{accessToken}}", forHTTPHeaderField: "Authorization")
request.httpMethod = "POST"
request.httpBody = postData
let task = URLSession.shared.dataTask(with: request) { data, response, error in
guard let data = data else {
print(String(describing: error))
return
}
print(String(data: data, encoding: .utf8)!)
}
task.resume()Example Response
201 Created
{
"_links": {
"self": {
"href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/applications/57ff8280-d575-4c64-b4e5-43bb347696da"
},
"environment": {
"href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6"
},
"attributes": {
"href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/applications/57ff8280-d575-4c64-b4e5-43bb347696da/attributes"
},
"secret": {
"href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/applications/57ff8280-d575-4c64-b4e5-43bb347696da/secret"
},
"grants": {
"href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/applications/57ff8280-d575-4c64-b4e5-43bb347696da/grants"
}
},
"environment": {
"id": "abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6"
},
"id": "57ff8280-d575-4c64-b4e5-43bb347696da",
"name": "AppWithCodeGrant_1694211442",
"enabled": true,
"hiddenFromAppPortal": false,
"type": "WEB_APP",
"protocol": "OPENID_CONNECT",
"createdAt": "2023-09-08T22:17:21.883Z",
"updatedAt": "2023-09-08T22:17:21.883Z",
"assignActorRoles": false,
"responseTypes": [
"CODE"
],
"pkceEnforcement": "OPTIONAL",
"redirectUris": [
"https://www.example.com"
],
"deviceTimeout": 600,
"grantTypes": [
"REFRESH_TOKEN",
"AUTHORIZATION_CODE"
],
"refreshTokenDuration": 2592000,
"additionalRefreshTokenReplayProtectionEnabled": true,
"tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC",
"postLogoutRedirectUris": [
"https://www.example.com"
],
"refreshTokenRollingGracePeriodDuration": 60,
"refreshTokenRollingDuration": 2592000,
"parRequirement": "OPTIONAL",
"devicePollingInterval": 5,
"parTimeout": 60,
"signing": {
"keyRotationPolicy": {
"id": "38c6ccb0-bfd9-4e6b-ace7-4651c52a3c2c"
}
}
}