PingOne Platform APIs

Configure an Interactive Worker Application

This activity shows you how to create an interactive worker application, configure its connection settings, view the application role assignments, assign roles to an admin user, and initiate an authorization request.

The following operations are supported by the PingOne APIs:

  • Create an application

  • Read application role assignments

  • Create an admin population and an admin user

  • Assign roles to the admin user

  • Initiate an authorization_code authorization and authentication flow

Best practices for application secrets

  • Do not store an application secret in applications that are publicly available.

  • For security purposes, regenerate application secrets regularly (refer to Update the application secret).

  • If you suspect an application secret has been compromised, generate a new application secret immediately.

Prerequisites

Get an access token from the worker application that you created in Create an admin Worker app connection. To get a token from a different worker application in an alternate sandbox environment, run the token request endpoint using the client ID and client secret of your chosen worker app to authenticate the request. For more information, refer to Get a PingOne admin access token.

Workflow order of operations

To configure an interactive worker admin application and initiate an authentication flow, the following tasks must be completed successfully:

  1. Make a POST request to /environments/{{envID}}/applications to add a new application to the specified environment.

  2. Make a GET request to /environments/{{envID}}/applications/{{appID}}/secret to get the application’s secret, which is needed to authenticate the token request.

  3. Make a GET request to /environments/{{envID}}/applications/{{appID}}/roleAssignments to return a list of roles assigned to the application.

  4. Make a POST request to /environments/{{envID}}/signOnPolicies to create a new sign-on policy.

  5. Make a POST request to /environments/{{envID}}/signOnPolicies/{{policyID}}/actions to add a login action to the sign-on policy.

  6. Make a POST request to /environments/{{envID}}/applications/{{appID}}/signOnPolicyAssignments to associate the new sign-on policy with the application.

  7. Make a POST request to /environments/{{envID}}/populations to create a new admin population resource.

  8. Make a POST request to /environments/{{envID}}/users to create an admin user who will be assigned to the new population resource.

  9. Make a PUT request to /environments/{{envID}}/users/{{userID}}/password to set the new user’s password.

  10. Make a GET request to /roles to read all roles.

  11. Make a POST request to /environments/{{envID}}/users/{{userID}}/roleAssignments to assign a role to the new admin user.

  12. Make a GET request to /{{envID}}/as/authorize to initiate an authorization request. This request starts the sign-on flow.

  13. Make a GET request to GET /{{envID}}/flows/{{flowID}} to initiate the authentication flow.

  14. To complete the authentication flow, make a POST request to /{{envID}}/flows/{{flowID}} and provide the user’s login credentials.

  15. Make a GET request to /{{envID}}/as/resume?flowId={{flowID}} to call the resume endpoint and return the auth code.

  16. Make a POST request to /{{envID}}/as/token to exchange the auth code for an access token.

Click the Run in Postman button below to fork, or download and import, the Postman collection for this workflow to your workspace.

Run in Postman