PingOne Platform APIs

Configure an Application with an Authorization Code Grant

This activity shows you how to create an application, configure its connection settings, create a resource access grant, and initiate an authorization request. After an access token is generated, it is used by a user to update a user attribute.

The following operations are supported by the PingOne APIs:

  • Create an application

  • Create a resource access grant

  • Initiate an authorization_code authorization flow

  • Update a user attribute

Best practices for application secrets

  • Do not store an application secret in applications that are publicly available.

  • For security purposes, regenerate application secrets regularly (refer to Update the application secret).

  • If you suspect an application secret has been compromised, generate a new application secret immediately.

Prerequisites

Get an access token from the worker application that you created in Create an admin Worker app connection. To get a token from a different worker application in an alternate sandbox environment, run the token request endpoint using the client ID and client secret of your chosen worker app to authenticate the request. For more information, refer to Get a PingOne admin access token.

Workflow order of operations

To configure an application and initiate an authorization code flow, the following tasks must be completed successfully:

  1. Make a POST request to /environments/{{envID}}/applications to add a new application to the specified environment.

  2. Make a GET request to /environments/{{envID}}/applications/{{appID}}/secret to return the new application’s secret attribute.

  3. Make a GET request to /environments/{{envID}}/resources to return a list of all resource entities associated with the specified environment to get the ID for the PingOne platform resource.

  4. Make a GET request to /environments/{{envID}}/resources/{{resourceID}}/scopes to list all scopes associated with a specified resource (the PingOne platform resource).

  5. Make a POST request to /environments/{{envID}}/applications/{{appID}}/grants to create a new resource access grant for the application.

  6. Make a POST request to /environments/{{envID}}/populations to create a new population resource.

  7. Make a POST request to /environments/{{envID}}/users to create a user who will be associated with the new population resource.

  8. Make a POST request to /environments/{{envID}}/users/{{userID}}/password to set the new user’s password.

  9. Make a POST request to /{{envID}}/as/authorize to obtain an authorization grant. This request starts the authorization flow.

  10. To initiate the authentication flow, make a GET request to GET /{{envID}}/flows/{{flowID}}.

  11. To complete the authentication flow, make a POST request to GET /{{envID}}/flows/{{flowID}} and provide the user’s login credentials.

  12. Make a GET request to /{{envID}}/as/resume?flowId={{flowID}} to call the resume endpoint and return the token.

  13. After the authorization flow completes and returns an auth code, make a POST request to /{{envID}}/as/token to exchange the auth code for an access token.

Click the Run in Postman button below to fork, or download and import, the Postman collection for this workflow to your workspace.

Run in Postman