Show App Permissions in Token
This activity shows you how to create a custom resource and how to use PingOne Authorize endpoints to create application roles and permissions to associate with the custom resource. The custom resource configuration includes a setting to show application permissions as a claim in the access token.
The following operations are supported by the PingOne APIs:
- Create an application
- Create a custom resource
- Create PingOne Authorize application resources, roles, and permissions
- Create a sign-on policy
- Create login sign-on policy action
- Create a user
- Initiate an authorize request
- Use flow APIs to complete the login actions
- Use the token request to get an access token for the custom resource
- Use the token introspection endpoint to show application permissions in the access token
Prerequisites
- You must have the PING_ONE_AUTHORIZE capability in the Bill of Materials (BOM) for your environment to run the PingOne Authorize requests to create application resources, application roles, and application permissions.
- Get an access token from the worker application you created in Create an admin Worker app connection. If you prefer to get a token from a different worker application in an alternate sandbox environment, run the token request endpoint using the client ID and client secret of your chosen worker app to authenticate the request. Refer to Get a PingOne admin access token.
Click the Run in Postman button below to fork, or download and import, the Postman collection for this workflow to your workspace.