PingOne Platform APIs

Step 2: Create a DaVinci OIDC Identity Provider

   

POST {{apiPath}}/environments/{{envID}}/identityProviders

Create a new OIDC external identity provider using the POST {{apiPath}}/environments/{{destinationEnvID}}/identityProviders request.

  • In the request body, the following properties must be set:

  • The name property value must be unique to the environment.

  • The clientId specifies the ID of the DaVinci application you created in DaVinci.

  • The clientSecret specifies the DaVinci application’s client secret key.

  • The discoveryEndpoint in the request body is the DaVinci discovery endpoint URL.

  • The authorizationEndpoint is the DaVinci authorize endpoint that includes the DaVinci flow policy ID in the URL.

  • The tokenEndpoint is the DaVinci token endpoint (not the PingOne token endpoint).

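See the example request body for the other required DaVinci properties. Note that the example sets pkceMethod to NONE, so the authorization-code exchange is protected by client authentication (CLIENT_SECRET_BASIC) rather than by a PKCE code verifier; treat clientSecret and the bearer access token as credentials and supply them from a secret store instead of saving them in scripts or shared collections. The response returns an identity provider ID that you’ll use in Step 4.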

Headers

Authorization      Bearer {{accessToken}}

Content-Type      application/json

Body

raw ( application/json )

{
    "description": "PingOne DaVinci is a cloud identity orchestration service that acts as an identity provider. It allows end users to authenticate and interact with orchestration flows.",
    "enabled": true,
    "name": "PingOne_DaVinci",
    "type": "OPENID_CONNECT",
    "clientId": "{{davinciAppID}}",
    "clientSecret": "{{davinciAppClientSecret}}",
    "registration":{
      "population":{
         "id":"{{populationID}}"
      }
    },
    "authorizationEndpoint": "https://auth.pingone.com/{{envID}}/davinci/policy/{{policyID}}/authorize",
    "tokenEndpoint": "https://auth.pingone.com/{{envID}}/davinci/token",
    "userInfoEndpoint": "https://auth.pingone.com/{{envID}}/davinci/userinfo",
    "jwksEndpoint": "https://auth.pingone.com/{{envID}}/davinci/jwks",
    "issuer": "https://auth.pingone.com/{{envID}}/davinci",
    "scopes": ["openid", "profile"],
    "tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC",
    "discoveryEndpoint": "https://auth.pingone.com/{{envID}}/davinci/.well-known/openid-configuration",
    "pkceMethod":"NONE"
}

Example Request

  • cURL

  • C#

  • Go

  • HTTP

  • Java

  • jQuery

  • NodeJS

  • Python

  • PHP

  • Ruby

  • Swift

# Create the DaVinci OIDC identity provider (POST .../identityProviders).
# The {{...}} tokens are template placeholders and must be replaced before running.
# -L follows redirects; -g turns off URL globbing so braces in the URL are sent as-is.
# NOTE(review): the bearer token and clientSecret are given on the command line here, so
# they can end up in shell history and process listings; prefer a protected file or
# environment variables when this is scripted.
curl -L -g '{{apiPath}}/environments/{{envID}}/identityProviders' \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer {{accessToken}}' \
-d '{
    "description": "PingOne DaVinci is a cloud identity orchestration service that acts as an identity provider. It allows end users to authenticate and interact with orchestration flows.",
    "enabled": true,
    "name": "PingOne_DaVinci",
    "type": "OPENID_CONNECT",
    "clientId": "{{davinciAppID}}",
    "clientSecret": "{{davinciAppClientSecret}}",
    "registration":{
      "population":{
         "id":"{{populationID}}"
      }
    },
    "authorizationEndpoint": "https://auth.pingone.com/{{envID}}/davinci/policy/{{policyID}}/authorize",
    "tokenEndpoint": "https://auth.pingone.com/{{envID}}/davinci/token",
    "userInfoEndpoint": "https://auth.pingone.com/{{envID}}/davinci/userinfo",
    "jwksEndpoint": "https://auth.pingone.com/{{envID}}/davinci/jwks",
    "issuer": "https://auth.pingone.com/{{envID}}/davinci",
    "scopes": ["openid", "profile"],
    "tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC",
    "discoveryEndpoint": "https://auth.pingone.com/{{envID}}/davinci/.well-known/openid-configuration",
    "pkceMethod":"NONE"
}'
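// Creates the DaVinci OIDC identity provider with a POST to .../identityProviders (RestSharp).
// The {{...}} tokens are template placeholders; replace them before running, and load the
// access token and clientSecret from configuration or a secret store rather than source code.
var options = new RestClientOptions("{{apiPath}}/environments/{{envID}}/identityProviders")
{
  // Explicit upper bound in milliseconds so a stalled connection cannot hold the caller
  // indefinitely; the original value of -1 set no explicit limit.
  MaxTimeout = 30000,
};
var client = new RestClient(options);
var request = new RestRequest("", Method.Post);
request.AddHeader("Content-Type", "application/json");
request.AddHeader("Authorization", "Bearer {{accessToken}}");
// Request body as one verbatim string literal ("" is an escaped quote inside @"...").
var body = @"{
    ""description"": ""PingOne DaVinci is a cloud identity orchestration service that acts as an identity provider. It allows end users to authenticate and interact with orchestration flows."",
    ""enabled"": true,
    ""name"": ""PingOne_DaVinci"",
    ""type"": ""OPENID_CONNECT"",
    ""clientId"": ""{{davinciAppID}}"",
    ""clientSecret"": ""{{davinciAppClientSecret}}"",
    ""registration"":{
      ""population"":{
         ""id"":""{{populationID}}""
      }
    },
    ""authorizationEndpoint"": ""https://auth.pingone.com/{{envID}}/davinci/policy/{{policyID}}/authorize"",
    ""tokenEndpoint"": ""https://auth.pingone.com/{{envID}}/davinci/token"",
    ""userInfoEndpoint"": ""https://auth.pingone.com/{{envID}}/davinci/userinfo"",
    ""jwksEndpoint"": ""https://auth.pingone.com/{{envID}}/davinci/jwks"",
    ""issuer"": ""https://auth.pingone.com/{{envID}}/davinci"",
    ""scopes"": [""openid"", ""profile""],
    ""tokenEndpointAuthMethod"": ""CLIENT_SECRET_BASIC"",
    ""discoveryEndpoint"": ""https://auth.pingone.com/{{envID}}/davinci/.well-known/openid-configuration"",
    ""pkceMethod"":""NONE""
}";
request.AddStringBody(body, DataFormat.Json);
RestResponse response = await client.ExecuteAsync(request);
if (!response.IsSuccessful)
{
  // Report transport errors and non-success statuses instead of printing only the body.
  Console.Error.WriteLine($"Request failed: {(int)response.StatusCode} {response.ErrorMessage}");
}
Console.WriteLine(response.Content);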
package main

import (
	"fmt"
	"io"
	"net/http"
	"strings"
	"time"
)

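// main sends the POST .../identityProviders request that creates the DaVinci
// OIDC identity provider and prints the response body.
//
// The {{...}} tokens are template placeholders that must be substituted before
// the program is run. The access token and clientSecret are credentials: load
// them from the environment or a secret store rather than committing them.
func main() {
	url := "{{apiPath}}/environments/{{envID}}/identityProviders"
	method := "POST"

	payload := strings.NewReader(`{
    "description": "PingOne DaVinci is a cloud identity orchestration service that acts as an identity provider. It allows end users to authenticate and interact with orchestration flows.",
    "enabled": true,
    "name": "PingOne_DaVinci",
    "type": "OPENID_CONNECT",
    "clientId": "{{davinciAppID}}",
    "clientSecret": "{{davinciAppClientSecret}}",
    "registration":{
      "population":{
         "id":"{{populationID}}"
      }
    },
    "authorizationEndpoint": "https://auth.pingone.com/{{envID}}/davinci/policy/{{policyID}}/authorize",
    "tokenEndpoint": "https://auth.pingone.com/{{envID}}/davinci/token",
    "userInfoEndpoint": "https://auth.pingone.com/{{envID}}/davinci/userinfo",
    "jwksEndpoint": "https://auth.pingone.com/{{envID}}/davinci/jwks",
    "issuer": "https://auth.pingone.com/{{envID}}/davinci",
    "scopes": ["openid", "profile"],
    "tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC",
    "discoveryEndpoint": "https://auth.pingone.com/{{envID}}/davinci/.well-known/openid-configuration",
    "pkceMethod":"NONE"
}`)

	// The zero-value http.Client never times out; bound the whole exchange.
	client := &http.Client{Timeout: 30 * time.Second}

	req, err := http.NewRequest(method, url, payload)
	if err != nil {
		fmt.Println(err)
		return
	}
	req.Header.Add("Content-Type", "application/json")
	req.Header.Add("Authorization", "Bearer {{accessToken}}")

	res, err := client.Do(req)
	if err != nil {
		fmt.Println(err)
		return
	}
	defer res.Body.Close()

	// Cap the read at 1 MiB so an unexpected response cannot exhaust memory.
	body, err := io.ReadAll(io.LimitReader(res.Body, 1<<20))
	if err != nil {
		fmt.Println(err)
		return
	}

	// Make a rejected request visible; the body that follows carries the details.
	if res.StatusCode < 200 || res.StatusCode > 299 {
		fmt.Println("unexpected HTTP status:", res.Status)
	}
	fmt.Println(string(body))
}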
POST /environments/{{envID}}/identityProviders HTTP/1.1
Host: {{apiPath}}
Content-Type: application/json
Authorization: Bearer {{accessToken}}

{
    "description": "PingOne DaVinci is a cloud identity orchestration service that acts as an identity provider. It allows end users to authenticate and interact with orchestration flows.",
    "enabled": true,
    "name": "PingOne_DaVinci",
    "type": "OPENID_CONNECT",
    "clientId": "{{davinciAppID}}",
    "clientSecret": "{{davinciAppClientSecret}}",
    "registration":{
      "population":{
         "id":"{{populationID}}"
      }
    },
    "authorizationEndpoint": "https://auth.pingone.com/{{envID}}/davinci/policy/{{policyID}}/authorize",
    "tokenEndpoint": "https://auth.pingone.com/{{envID}}/davinci/token",
    "userInfoEndpoint": "https://auth.pingone.com/{{envID}}/davinci/userinfo",
    "jwksEndpoint": "https://auth.pingone.com/{{envID}}/davinci/jwks",
    "issuer": "https://auth.pingone.com/{{envID}}/davinci",
    "scopes": ["openid", "profile"],
    "tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC",
    "discoveryEndpoint": "https://auth.pingone.com/{{envID}}/davinci/.well-known/openid-configuration",
    "pkceMethod":"NONE"
}
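// Creates the DaVinci OIDC identity provider with a POST to .../identityProviders (OkHttp).
// The {{...}} tokens are template placeholders; replace them before running, and keep the
// access token and clientSecret out of source control.
OkHttpClient client = new OkHttpClient().newBuilder()
  .build();
MediaType mediaType = MediaType.parse("application/json");
RequestBody body = RequestBody.create(mediaType, "{\n    \"description\": \"PingOne DaVinci is a cloud identity orchestration service that acts as an identity provider. It allows end users to authenticate and interact with orchestration flows.\",\n    \"enabled\": true,\n    \"name\": \"PingOne_DaVinci\",\n    \"type\": \"OPENID_CONNECT\",\n    \"clientId\": \"{{davinciAppID}}\",\n    \"clientSecret\": \"{{davinciAppClientSecret}}\",\n    \"registration\":{\n      \"population\":{\n         \"id\":\"{{populationID}}\"\n      }\n    },\n    \"authorizationEndpoint\": \"https://auth.pingone.com/{{envID}}/davinci/policy/{{policyID}}/authorize\",\n    \"tokenEndpoint\": \"https://auth.pingone.com/{{envID}}/davinci/token\",\n    \"userInfoEndpoint\": \"https://auth.pingone.com/{{envID}}/davinci/userinfo\",\n    \"jwksEndpoint\": \"https://auth.pingone.com/{{envID}}/davinci/jwks\",\n    \"issuer\": \"https://auth.pingone.com/{{envID}}/davinci\",\n    \"scopes\": [\"openid\", \"profile\"],\n    \"tokenEndpointAuthMethod\": \"CLIENT_SECRET_BASIC\",\n    \"discoveryEndpoint\": \"https://auth.pingone.com/{{envID}}/davinci/.well-known/openid-configuration\",\n    \"pkceMethod\":\"NONE\"\n}");
Request request = new Request.Builder()
  .url("{{apiPath}}/environments/{{envID}}/identityProviders")
  .method("POST", body)
  .addHeader("Content-Type", "application/json")
  .addHeader("Authorization", "Bearer {{accessToken}}")
  .build();
// try-with-resources closes the Response, which the original left open.
try (Response response = client.newCall(request).execute()) {
  String responseBody = response.body() != null ? response.body().string() : "";
  if (!response.isSuccessful()) {
    // Make a rejected request visible; the body that follows carries the details.
    System.err.println("Unexpected HTTP status: " + response.code());
  }
  System.out.println(responseBody);
}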
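// Creates the DaVinci OIDC identity provider with a POST to .../identityProviders (jQuery).
// The {{...}} tokens are template placeholders and must be replaced before running.
// NOTE(review): this request carries a bearer token and the clientSecret; running it from a
// page served to end users would expose both to the browser. Presumably it is meant for an
// administrative tool. Confirm before reuse.
var settings = {
  "url": "{{apiPath}}/environments/{{envID}}/identityProviders",
  "method": "POST",
  // Milliseconds. The original value of 0 means "no timeout" in jQuery.
  "timeout": 30000,
  "headers": {
    "Content-Type": "application/json",
    "Authorization": "Bearer {{accessToken}}"
  },
  "data": JSON.stringify({
    "description": "PingOne DaVinci is a cloud identity orchestration service that acts as an identity provider. It allows end users to authenticate and interact with orchestration flows.",
    "enabled": true,
    "name": "PingOne_DaVinci",
    "type": "OPENID_CONNECT",
    "clientId": "{{davinciAppID}}",
    "clientSecret": "{{davinciAppClientSecret}}",
    "registration": {
      "population": {
        "id": "{{populationID}}"
      }
    },
    "authorizationEndpoint": "https://auth.pingone.com/{{envID}}/davinci/policy/{{policyID}}/authorize",
    "tokenEndpoint": "https://auth.pingone.com/{{envID}}/davinci/token",
    "userInfoEndpoint": "https://auth.pingone.com/{{envID}}/davinci/userinfo",
    "jwksEndpoint": "https://auth.pingone.com/{{envID}}/davinci/jwks",
    "issuer": "https://auth.pingone.com/{{envID}}/davinci",
    "scopes": [
      "openid",
      "profile"
    ],
    "tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC",
    "discoveryEndpoint": "https://auth.pingone.com/{{envID}}/davinci/.well-known/openid-configuration",
    "pkceMethod": "NONE"
  }),
};

$.ajax(settings)
  .done(function (response) {
    console.log(response);
  })
  .fail(function (jqXHR, textStatus, errorThrown) {
    // Without a fail handler, timeouts and non-success statuses pass silently.
    console.error("Request failed:", jqXHR.status, textStatus, errorThrown);
    console.error(jqXHR.responseText);
  });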
var request = require('request');
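// Creates the DaVinci OIDC identity provider with a POST to .../identityProviders.
// The {{...}} tokens are template placeholders; replace them before running, and read the
// access token and clientSecret from the environment or a secret store instead of source.
var options = {
  'method': 'POST',
  'url': '{{apiPath}}/environments/{{envID}}/identityProviders',
  // Milliseconds; bounds how long the call may wait on a stalled connection.
  'timeout': 30000,
  'headers': {
    'Content-Type': 'application/json',
    'Authorization': 'Bearer {{accessToken}}'
  },
  body: JSON.stringify({
    "description": "PingOne DaVinci is a cloud identity orchestration service that acts as an identity provider. It allows end users to authenticate and interact with orchestration flows.",
    "enabled": true,
    "name": "PingOne_DaVinci",
    "type": "OPENID_CONNECT",
    "clientId": "{{davinciAppID}}",
    "clientSecret": "{{davinciAppClientSecret}}",
    "registration": {
      "population": {
        "id": "{{populationID}}"
      }
    },
    "authorizationEndpoint": "https://auth.pingone.com/{{envID}}/davinci/policy/{{policyID}}/authorize",
    "tokenEndpoint": "https://auth.pingone.com/{{envID}}/davinci/token",
    "userInfoEndpoint": "https://auth.pingone.com/{{envID}}/davinci/userinfo",
    "jwksEndpoint": "https://auth.pingone.com/{{envID}}/davinci/jwks",
    "issuer": "https://auth.pingone.com/{{envID}}/davinci",
    "scopes": [
      "openid",
      "profile"
    ],
    "tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC",
    "discoveryEndpoint": "https://auth.pingone.com/{{envID}}/davinci/.well-known/openid-configuration",
    "pkceMethod": "NONE"
  })

};
request(options, function (error, response) {
  if (error) throw new Error(error);
  if (response.statusCode < 200 || response.statusCode > 299) {
    // Make a rejected request visible; the body that follows carries the details.
    console.error('Unexpected HTTP status: ' + response.statusCode);
  }
  console.log(response.body);
});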
import requests
import json

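# Creates the DaVinci OIDC identity provider with a POST to .../identityProviders.
# The {{...}} tokens are template placeholders; replace them before running, and read the
# access token and clientSecret from the environment or a secret store instead of source.
url = "{{apiPath}}/environments/{{envID}}/identityProviders"

payload = json.dumps({
  "description": "PingOne DaVinci is a cloud identity orchestration service that acts as an identity provider. It allows end users to authenticate and interact with orchestration flows.",
  "enabled": True,
  "name": "PingOne_DaVinci",
  "type": "OPENID_CONNECT",
  "clientId": "{{davinciAppID}}",
  "clientSecret": "{{davinciAppClientSecret}}",
  "registration": {
    "population": {
      "id": "{{populationID}}"
    }
  },
  "authorizationEndpoint": "https://auth.pingone.com/{{envID}}/davinci/policy/{{policyID}}/authorize",
  "tokenEndpoint": "https://auth.pingone.com/{{envID}}/davinci/token",
  "userInfoEndpoint": "https://auth.pingone.com/{{envID}}/davinci/userinfo",
  "jwksEndpoint": "https://auth.pingone.com/{{envID}}/davinci/jwks",
  "issuer": "https://auth.pingone.com/{{envID}}/davinci",
  "scopes": [
    "openid",
    "profile"
  ],
  "tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC",
  "discoveryEndpoint": "https://auth.pingone.com/{{envID}}/davinci/.well-known/openid-configuration",
  "pkceMethod": "NONE"
})
headers = {
  'Content-Type': 'application/json',
  'Authorization': 'Bearer {{accessToken}}'
}

# requests applies no timeout unless one is passed, so a stalled connection would block forever.
response = requests.request("POST", url, headers=headers, data=payload, timeout=30)

# Make a rejected request visible; the body printed below carries the details.
if not response.ok:
  print(f"Unexpected HTTP status: {response.status_code} {response.reason}")

print(response.text)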
<?php
require_once 'HTTP/Request2.php';
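// Creates the DaVinci OIDC identity provider with a POST to .../identityProviders.
// The {{...}} tokens are template placeholders; replace them before running, and read the
// access token and clientSecret from the environment or a secret store instead of source.
$request = new HTTP_Request2();
$request->setUrl('{{apiPath}}/environments/{{envID}}/identityProviders');
$request->setMethod(HTTP_Request2::METHOD_POST);
$request->setConfig(array(
  'follow_redirects' => TRUE,
  // Seconds allowed for the whole request, so a stalled connection cannot block the script.
  'timeout' => 30
));
$request->setHeader(array(
  'Content-Type' => 'application/json',
  'Authorization' => 'Bearer {{accessToken}}'
));
// Build the body with json_encode. In a single-quoted PHP string "\n" is not a newline but a
// literal backslash followed by "n", so the original hand-written payload was not valid JSON.
$request->setBody(json_encode(array(
  'description' => 'PingOne DaVinci is a cloud identity orchestration service that acts as an identity provider. It allows end users to authenticate and interact with orchestration flows.',
  'enabled' => true,
  'name' => 'PingOne_DaVinci',
  'type' => 'OPENID_CONNECT',
  'clientId' => '{{davinciAppID}}',
  'clientSecret' => '{{davinciAppClientSecret}}',
  'registration' => array(
    'population' => array(
      'id' => '{{populationID}}'
    )
  ),
  'authorizationEndpoint' => 'https://auth.pingone.com/{{envID}}/davinci/policy/{{policyID}}/authorize',
  'tokenEndpoint' => 'https://auth.pingone.com/{{envID}}/davinci/token',
  'userInfoEndpoint' => 'https://auth.pingone.com/{{envID}}/davinci/userinfo',
  'jwksEndpoint' => 'https://auth.pingone.com/{{envID}}/davinci/jwks',
  'issuer' => 'https://auth.pingone.com/{{envID}}/davinci',
  'scopes' => array('openid', 'profile'),
  'tokenEndpointAuthMethod' => 'CLIENT_SECRET_BASIC',
  'discoveryEndpoint' => 'https://auth.pingone.com/{{envID}}/davinci/.well-known/openid-configuration',
  'pkceMethod' => 'NONE'
), JSON_UNESCAPED_SLASHES));
try {
  $response = $request->send();
  $status = $response->getStatus();
  // Accept any 2xx: a request that creates a resource may answer with a success code other than 200.
  if ($status >= 200 && $status < 300) {
    echo $response->getBody();
  }
  else {
    echo 'Unexpected HTTP status: ' . $status . ' ' .
    $response->getReasonPhrase();
  }
}
catch(HTTP_Request2_Exception $e) {
  echo 'Error: ' . $e->getMessage();
}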
require "uri"
require "json"
require "net/http"

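# Creates the DaVinci OIDC identity provider with a POST to .../identityProviders.
# The {{...}} tokens are template placeholders; replace them before running, and read the
# access token and clientSecret from the environment or a secret store instead of source.
url = URI("{{apiPath}}/environments/{{envID}}/identityProviders")

http = Net::HTTP.new(url.host, url.port)
# Net::HTTP.new does not enable TLS on its own. Without this line an https URL would be
# contacted in plain HTTP, with the bearer token and clientSecret in the request.
http.use_ssl = (url.scheme == "https")
# Seconds; bound connection setup and each read so a stalled peer cannot block the script.
http.open_timeout = 10
http.read_timeout = 30

request = Net::HTTP::Post.new(url)
request["Content-Type"] = "application/json"
request["Authorization"] = "Bearer {{accessToken}}"
request.body = JSON.dump({
  "description": "PingOne DaVinci is a cloud identity orchestration service that acts as an identity provider. It allows end users to authenticate and interact with orchestration flows.",
  "enabled": true,
  "name": "PingOne_DaVinci",
  "type": "OPENID_CONNECT",
  "clientId": "{{davinciAppID}}",
  "clientSecret": "{{davinciAppClientSecret}}",
  "registration": {
    "population": {
      "id": "{{populationID}}"
    }
  },
  "authorizationEndpoint": "https://auth.pingone.com/{{envID}}/davinci/policy/{{policyID}}/authorize",
  "tokenEndpoint": "https://auth.pingone.com/{{envID}}/davinci/token",
  "userInfoEndpoint": "https://auth.pingone.com/{{envID}}/davinci/userinfo",
  "jwksEndpoint": "https://auth.pingone.com/{{envID}}/davinci/jwks",
  "issuer": "https://auth.pingone.com/{{envID}}/davinci",
  "scopes": [
    "openid",
    "profile"
  ],
  "tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC",
  "discoveryEndpoint": "https://auth.pingone.com/{{envID}}/davinci/.well-known/openid-configuration",
  "pkceMethod": "NONE"
})

response = http.request(request)
# Make a rejected request visible; the body printed below carries the details.
warn "Unexpected HTTP status: #{response.code} #{response.message}" unless response.is_a?(Net::HTTPSuccess)
puts response.read_body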
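// Creates the DaVinci OIDC identity provider with a POST to .../identityProviders.
// The {{...}} tokens are template placeholders; replace them before running, and keep the
// access token and clientSecret out of source control (for example, in the keychain).
let parameters = "{\n    \"description\": \"PingOne DaVinci is a cloud identity orchestration service that acts as an identity provider. It allows end users to authenticate and interact with orchestration flows.\",\n    \"enabled\": true,\n    \"name\": \"PingOne_DaVinci\",\n    \"type\": \"OPENID_CONNECT\",\n    \"clientId\": \"{{davinciAppID}}\",\n    \"clientSecret\": \"{{davinciAppClientSecret}}\",\n    \"registration\":{\n      \"population\":{\n         \"id\":\"{{populationID}}\"\n      }\n    },\n    \"authorizationEndpoint\": \"https://auth.pingone.com/{{envID}}/davinci/policy/{{policyID}}/authorize\",\n    \"tokenEndpoint\": \"https://auth.pingone.com/{{envID}}/davinci/token\",\n    \"userInfoEndpoint\": \"https://auth.pingone.com/{{envID}}/davinci/userinfo\",\n    \"jwksEndpoint\": \"https://auth.pingone.com/{{envID}}/davinci/jwks\",\n    \"issuer\": \"https://auth.pingone.com/{{envID}}/davinci\",\n    \"scopes\": [\"openid\", \"profile\"],\n    \"tokenEndpointAuthMethod\": \"CLIENT_SECRET_BASIC\",\n    \"discoveryEndpoint\": \"https://auth.pingone.com/{{envID}}/davinci/.well-known/openid-configuration\",\n    \"pkceMethod\":\"NONE\"\n}"
let postData = parameters.data(using: .utf8)

// Stop with a clear message rather than a force-unwrap crash if the URL does not parse.
guard let endpoint = URL(string: "{{apiPath}}/environments/{{envID}}/identityProviders") else {
  fatalError("Invalid request URL: replace the {{...}} placeholders first")
}

// A 30-second limit replaces Double.infinity, which let a stalled request wait forever.
var request = URLRequest(url: endpoint, timeoutInterval: 30)
request.addValue("application/json", forHTTPHeaderField: "Content-Type")
request.addValue("Bearer {{accessToken}}", forHTTPHeaderField: "Authorization")

request.httpMethod = "POST"
request.httpBody = postData

let task = URLSession.shared.dataTask(with: request) { data, response, error in
  guard let data = data else {
    print(String(describing: error))
    return
  }
  // Make a rejected request visible; the body printed below carries the details.
  if let httpResponse = response as? HTTPURLResponse, !(200...299).contains(httpResponse.statusCode) {
    print("Unexpected HTTP status: \(httpResponse.statusCode)")
  }
  // Fall back to an empty string instead of crashing on a body that is not valid UTF-8.
  print(String(data: data, encoding: .utf8) ?? "")
}

task.resume()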