PingOne Platform APIs

Use an authentication JWT for token fulfillment

This activity shows you how to use information from a source authentication JWT to add claims to the PingOne token. For more information about token fulfillment, refer to Use an authentication JWT for token fulfillment in the PingOne API Reference.

The following operations are supported by the PingOne APIs:

  • Create an application

  • Create a custom resource, a custom scope, and an attribute mapping

  • Create a user

  • Initiate an authorize request

  • Use flow APIs to complete the login

  • Submit a token request

  • Run the token introspection endpoint to view the claim added from the authentication JWT

Prerequisites

Get an access token from the worker application that you created in Create an admin Worker app connection. To get a token from a different worker application in an alternate sandbox environment, run the token request endpoint using the client ID and client secret of your chosen worker app to authenticate the request. For more information, refer to Get a PingOne admin access token.

Workflow order of operations

To configure this workflow, you must complete the following tasks:

  1. Make a POST request to /environments/{{envID}}/applications to add a new application to the specified environment.

  2. Make a GET request to /environments/{{envID}}/applications/{{appID}}/secret to return the new application’s secret attribute.

  3. Make a POST request to /environments/{{envID}}/resources to define a custom resource.

  4. Make a POST request to /environments/{{envID}}/resources/{{resourceID}}/scopes to define a scope for the custom resource.

  5. Make a POST request to /environments/{{envID}}/resources/{{resourceID}}/attribute to define a resource attribute mapping.

  6. Make a POST request to /environments/{{envID}}/applications/{{appID}}/grants to create the access grant for the application.

  7. Make a POST request to /environments/{{envID}}/populations to create a new population resource.

  8. Make a POST request to /environments/{{envID}}/users to create a user.

  9. Make a PUT request to /environments/{{envID}}/users/{{userID}}/password to set the new user’s password.

  10. Make a GET request to /{{envID}}/as/authorize to submit the authorize request.

  11. Make a GET request to /{{envID}}/flows/{{flowID}} to initiate the sign-on flow.

  12. To complete the login action, make a POST request to /{{envID}}/flows/{{flowID}} and provide the user’s login credentials.

  13. Make a GET request to /{{envID}}/as/resume?flowId={{flowID}} to call the resume endpoint and return the auth code.

  14. Make a POST request to /{{envID}}/as/token to exchange the auth code for an access token.

  15. To verify that the token includes the specified property from the authentication JWT, make a POST request to /{{envID}}/as/introspect to return the token claims.

Click the Run in Postman button below to fork, or download and import, the Postman collection for this workflow to your workspace.

Run in Postman