Token Management Connector
The Token Management connector lets you create and read JSON Web Token (JWT) tokens and manage OpenID Connect (OIDC) redirects in your PingOne DaVinci flow.
You can use the Token Management connector to:
- Create ID, access, or JWT tokens.
- Get details about tokens.
- Redirect user with error.
Setup
Configuring the Token Management connector
Add the connector in DaVinci as shown in Adding a connector, then configure it as follows.
This connector doesn’t have a configuration at the environment level. You configure it in your flow instead.
Using the connector in a flow
Token creation
The connector has several capabilities that allow you to create tokens:
- Create Tokens with OIDC Redirect
- Create Tokens with Custom Claims
- Create Tokens without OIDC Redirect
No special configuration is needed. Add the capability and populate its properties according to the help text.
Token details
The connector has several capabilities that allow you to get details about tokens:
- Get Session Token Details
- Validate Token Details
No special configuration is needed. Add the capability and populate its properties according to the help text.
Validating and parsing a JWT token
You can use the Validate JWT Token capability to parse and validate a JSON Web Token (JWT). Parsing extracts the details, or claims, from the JWT, such as the issuer, subject, or audience. Validation accepts the JWT only if it meets the configured criteria, such as whether it has expired or whether it has the correct issuer or audience.
If the validation rules are set and the JWT token passes, then the claims are parsed and output from the capability. If the validation rules are set and the JWT token fails, the flow continues down the False branch.
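The parse-then-validate behaviour described above, as an added Python example that is not DaVinci's own code: it verifies the signature first, then applies expiry, issuer and audience rules, and returns `(True, claims)` or `(False, reason)` in place of the True and False branches. HS256 with a shared key, the function names and the sample values are assumptions chosen so the example runs with the standard library only.

```python
import base64, hashlib, hmac, json, time

def b64url_decode(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def sign(signing_input, key):
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()

def make_token(claims, key):
    """Build a constructed HS256 token to use as sample input."""
    head = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    signing_input = f"{head}.{b64url_encode(json.dumps(claims).encode())}"
    return f"{signing_input}.{b64url_encode(sign(signing_input, key))}"

def validate_jwt(token, key, issuer=None, audience=None, now=None):
    """Return (True, claims) when every rule passes, else (False, reason)."""
    now = time.time() if now is None else now
    try:
        head, body, sig = token.split(".")
        header, claims = json.loads(b64url_decode(head)), json.loads(b64url_decode(body))
        signature = b64url_decode(sig)
    except ValueError:
        return False, "malformed"
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return False, "malformed"
    # Pin the algorithm; never let the token header choose it (rejects "none").
    if header.get("alg") != "HS256":
        return False, "bad_alg"
    if not hmac.compare_digest(signature, sign(f"{head}.{body}", key)):
        return False, "bad_signature"
    # Claims are trusted only from here on, after the signature check.
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:  # missing exp fails (this example's choice)
        return False, "expired"
    if issuer is not None and claims.get("iss") != issuer:
        return False, "bad_issuer"
    aud = claims.get("aud")  # RFC 7519 allows a string or a list of strings
    if audience is not None and audience not in (aud if isinstance(aud, list) else [aud]):
        return False, "bad_audience"
    return True, claims

# Constructed sample data: key, clock and claims are made up for this example.
KEY, NOW = b"constructed-demo-key", 1_700_000_000
CLAIMS = {"sub": "user-1", "iss": "https://issuer.example", "aud": "app-1", "exp": NOW + 300}
GOOD = make_token(CLAIMS, KEY)
```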
Capabilities
Create Tokens
ID/Access/Session JWT Tokens and OIDC Redirect
- Properties
  - createSessionTokenFlag (toggleSwitch)
- Input Schema
  - default (object)
  - userInfo (object)
  - skOpenId (object)
  - domainPublicHost (string)
Create Tokens with Custom Claims
ID/Access/Session JWT Tokens with Custom Claims and OIDC Redirect
- Properties
  - claimsNameValuePairs (selectNameValueListColumn)
  - idTokenExpiry (textField)
  - claimsNameValuePairsAccessToken (selectNameValueListColumn)
  - accessTokenExpiry (textField)
  - createSessionTokenFlag (toggleSwitch)
  - claimsNameValuePairsSessionToken (selectNameValueListColumn)
  - sessionTokenExpiry (textField)
  - customScopesFlag (toggleSwitch)
  - customScopes (textField)
  - customScopesSeparateField (toggleSwitch)
  - customScopesSeparateFieldName (textField)
  - encryptionFlag (toggleSwitch)
  - encryptionKey (codeEditor)
  - encryptionAlg (dropDown)
  - encryptionContentAlg (dropDown)
  - shadowUserNotPresentFlag (toggleSwitch)
- Input Schema
  - default (object)
  - userInfo (object)
  - skOpenId (object)
  - domainPublicHost (string)
Get Session Token Details
Session Token claims are extracted from the JWT token
- Properties
  - sessionTokenName (textField), default: sessionToken
  - sessionTokenLocation (dropDown)
  - sessionToken (textField)
  - resolveToUser (toggleSwitch)
- Input Schema
  - default (object)
  - type (object)
- Output Schema
  - output (object)
  - claims (object)
  - properties (object)
  - sub (string)
  - aud (string)
  - iss (string)
  - usage (string)
  - loa (number)
  - scope (string)
  - jti (string)
  - iat (number)
  - exp (number)
Get Token Details
Claims are extracted from any JWT token signed by DaVinci
- Properties
  - genericToken (textField)
  - errorOnExpiry (toggleSwitch)
- Input Schema
  - default (object)
  - type (object)
- Output Schema
  - output (object)
  - claims (object)
  - properties (object)
  - sub (string)
  - aud (string)
  - iss (string)
  - usage (string)
  - loa (number)
  - scope (string)
  - jti (string)
  - iat (number)
  - exp (number)
Redirect User with Error
Redirect user to RP with standard/customized error
- Properties
  - customErrorFlag (toggleSwitch)
  - errorMessage (textField)
  - errorDescription (textField)
  - errorCode (textField)
  - errorReason (textField)
- Input Schema
  - default (object)
  - skOpenId (object)
Create Tokens
Create Tokens (without any OIDC Redirect).
- Properties
  - createIdTokenFlag (toggleSwitch)
  - claimsNameValuePairs (selectNameValueListColumn)
  - idTokenExpiry (textField)
  - createAccessTokenFlag (toggleSwitch)
  - claimsNameValuePairsAccessToken (selectNameValueListColumn)
  - accessTokenExpiry (textField)
  - createSessionTokenFlag (toggleSwitch)
  - claimsNameValuePairsSessionToken (selectNameValueListColumn)
  - sessionTokenExpiry (textField)
  - customScopesFlag (toggleSwitch)
  - customScopes (textField)
  - customScopesSeparateField (toggleSwitch)
  - customScopesSeparateFieldName (textField)
- Input Schema
  - default (object)
  - userInfo (object)
  - skOpenId (object)
  - domainPublicHost (string)
- Output Schema
  - output (object)
  - access_token (string)
  - id_token (string)
  - session_token (string)