PingOne Platform APIs

Add a Custom Claim to an Access Token

This activity shows you how to define a custom resource and custom scope and add the custom scope as a claim in an access token.

The following operations are supported by the PingOne APIs:

  • Create an application

  • Create a custom resource and scope

  • Create a resource attribute mapping

  • Initiate authorization and complete the authentication flow

  • Verify the custom claim in the access token

Prerequisites

Get an access token from the worker application that you created in Create an admin Worker app connection. To get a token from a different worker application in an alternate sandbox environment, run the token request endpoint using the client ID and client secret of your chosen worker app to authenticate the request. For more information, refer to Get a PingOne admin access token.

Workflow order of operations

To add a custom claim to an access token, the following tasks must be completed successfully:

  1. Make a POST request to /environments/{{envID}}/applications to add a new application to the specified environment.

  2. Make a POST request to /environments/{{envID}}/resources to define a custom resource.

  3. Make a POST request to /environments/{{envID}}/resources/{{resourceID}}/scopes to define a scope for the custom resource.

  4. Make a POST request to /environments/{{envID}}/resources/{{resourceID}}/attribute to define a resource attribute mapping.

  5. Make a POST request to /environments/{{envID}}/applications/{{appID}}/grants to create the access grant for the application.

  6. Make a POST request to /environments/{{envID}}/populations to create a new population resource.

  7. Make a POST request to /environments/{{envID}}/users to create a user who will be assigned to the new population resource.

  8. Make a POST request to /environments/{{envID}}/users/{{userID}}/password to set the new user’s password.

  9. Make a GET request to /{{envID}}/as/authorize to obtain an authorization grant. This request starts the authorization and authentication flow.

  10. To initiate the authentication flow, make a GET request to /{{envID}}/flows/{{flowID}}.

  11. To complete the authentication flow, make a POST request to /{{envID}}/flows/{{flowID}} and provide the user’s login credentials.

  12. Make a GET request to /{{envID}}/as/resume?flowId={{flowID}} to call the resume endpoint and return the token.

Click the Run in Postman button below to fork, or download and import, the Postman collection for this workflow to your workspace.

Run in Postman