Create a new OpenID Connect (OIDC) application or modify an existing application in PingOne for Enterprise.
Before you add an OIDC application, you must configure the access token that your account will use for OIDC applications. These account-level settings are inherited at the application level when you add or update an application.
Account-level OAuth settings apply only to your managed applications, not to applications supplied by a service provider (SP).
PingOne for Enterprise returns OIDC user attributes in different ways depending on the response_type parameter.
The contents of the ID token depend on whether or not the application also returns an access token:
- For flows that return both an access token and an ID token (such as authorization code flow, or implicit flows where the response_type includes token), the ID token contains the sub and, if requested, email scopes. The userinfo endpoint contains all of the attributes for the requested scopes and attributes configured on the User Info tab for the application, if the openid scope was requested.
- For flows that don't return an access token, the ID token contains all of the attributes for the requested scopes and any attributes configured on the User Info tab for the application, if the openid scope was requested. The userinfo endpoint is inaccessible in this case because no access token is issued.
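How a relying party might choose its attribute source under the two cases above, as an added example that is not PingOne for Enterprise code. The function names, the injected `fetch_userinfo` callable and the sample claims are assumptions made for illustration, and the `sub` comparison comes from OpenID Connect Core section 5.3.2, not from this page.

```python
# Added example: function names and sample claims are constructed for illustration.
PROTOCOL_CLAIMS = {"iss", "aud", "exp", "iat", "nonce", "at_hash", "c_hash", "auth_time"}

def issues_access_token(response_type):
    """True for flows that return an access token: response_type has code or token."""
    parts = set(response_type.split())
    return "code" in parts or "token" in parts

def resolve_user_attributes(response_type, scopes, id_token_claims, fetch_userinfo=None):
    """Return (attributes, source) using the source the flow makes available.

    Assumptions: id_token_claims come from an ID token whose signature, iss, aud
    and exp were already validated; fetch_userinfo is a hypothetical callable that
    queries the userinfo endpoint with the access token and returns a dict.
    """
    if "openid" not in scopes.split():
        raise ValueError("openid scope was not requested")
    if "sub" not in id_token_claims:
        raise ValueError("ID token has no sub claim")
    if not issues_access_token(response_type):
        # No access token is issued, so userinfo is unreachable and the
        # ID token itself carries every requested attribute.
        attrs = {k: v for k, v in id_token_claims.items() if k not in PROTOCOL_CLAIMS}
        return attrs, "id_token"
    if fetch_userinfo is None:
        raise ValueError("this flow issues an access token; a userinfo fetch is required")
    userinfo = fetch_userinfo()
    # OpenID Connect Core 5.3.2: the userinfo sub must exactly match the ID token sub,
    # otherwise the response must not be used.
    if userinfo.get("sub") != id_token_claims["sub"]:
        raise ValueError("userinfo sub does not match ID token sub")
    return dict(userinfo), "userinfo"

if __name__ == "__main__":
    # Constructed sample claims, not real tokens.
    id_only = {"iss": "https://idp.example", "sub": "u-123", "email": "a@example.com",
               "given_name": "Ada", "exp": 1900000000}
    print(resolve_user_attributes("id_token", "openid profile email", id_only))
    slim = {"iss": "https://idp.example", "sub": "u-123", "exp": 1900000000}
    print(resolve_user_attributes("code", "openid profile", slim,
                                  lambda: {"sub": "u-123", "given_name": "Ada"}))
```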
The access token contains attributes configured at . For more information, see Configuring your OAuth settings.
When you add an OIDC application, you must have access to the necessary configuration information for the application. For applications supplied by an SP, the SP will direct you to this information.
The new OIDC application is added to your My Applications list for OIDC. You can edit the application configuration by clicking the Edit icon.
Integrate your OIDC application with PingOne for Enterprise.