Token Management Connector

The Token Management connector lets you create and read JSON Web Token (JWT) tokens and manage OpenID Connect (OIDC) redirects in your PingOne DaVinci flow.

You can use the Token Management connector to:

  • Create ID, access, or JWT tokens.

  • Get details about tokens.

  • Redirect users with an error.

Setup

Resources

For information and setup help, see the following:

Configuring the Token Management connector

Add the connector in DaVinci as shown in Adding a connector, then configure it as follows.

This connector doesn’t have a configuration at the environment level. You configure it in your flow instead.

Using the connector in a flow

Token creation

The connector has several capabilities that allow you to create tokens:

  • Create Tokens with OIDC Redirect

  • Create Tokens with Custom Claims

  • Create Tokens without OIDC Redirect

No special configuration is needed. Add the capability and populate its properties according to the help text.

Token details

The connector has several capabilities that allow you to get details about tokens:

  • Get Session Token Details

  • Validate Token Details

No special configuration is needed. Add the capability and populate its properties according to the help text.

Validating and parsing a JWT token

You can use the Validate JWT Token capability to parse and validate a JSON Web Token (JWT). Parsing extracts the details, or claims, from the JWT, such as the issuer, subject, or audience. Validation then accepts the JWT only if it meets the criteria you set, such as whether it has expired or whether it has the correct issuer or audience.

If the validation rules are set and the JWT token passes, then the claims are parsed and output from the capability. If the validation rules are set and the JWT token fails, the flow continues down the False branch.
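The following added example (not DaVinci or connector code) sketches the same parse-then-validate sequence outside a flow, returning the claims on success and a reason for the False branch on failure. It assumes an HS256-signed token and a shared key so that it runs with the standard library only; the names `validate_jwt` and `make_token`, the reason strings, and the sample values are hypothetical.

```python
import base64, hashlib, hmac, json, time

def _b64d(seg: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))

def _b64e(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def make_token(claims: dict, key: bytes) -> str:
    """Build a constructed HS256 sample token (demo input only)."""
    head = _b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64e(json.dumps(claims).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64e(sig)}"

def validate_jwt(token, key, issuer, audience, now=None):
    """Return (True, claims) on success or (False, reason) for the False branch."""
    now = time.time() if now is None else now
    try:
        head_s, body_s, sig_s = token.split(".")
        header, claims = json.loads(_b64d(head_s)), json.loads(_b64d(body_s))
        sig = _b64d(sig_s)
    except (ValueError, TypeError, AttributeError):
        return False, "malformed"
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return False, "malformed"
    # Pin the expected algorithm instead of trusting the token header.
    if header.get("alg") != "HS256":
        return False, "bad_alg"
    expected = hmac.new(key, f"{head_s}.{body_s}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        return False, "bad_signature"
    # Claims are trusted only from here on, after the signature check.
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or now >= exp:
        return False, "expired"
    if claims.get("iss") != issuer:
        return False, "bad_issuer"
    aud = claims.get("aud")  # "aud" may be a single string or a list
    if audience not in (aud if isinstance(aud, list) else [aud]):
        return False, "bad_audience"
    return True, claims

if __name__ == "__main__":
    key = b"constructed-demo-key"  # constructed sample key
    sample = {"sub": "user-123", "iss": "https://issuer.example",
              "aud": "client-abc", "iat": 1000, "exp": 2000, "jti": "t1"}
    print(validate_jwt(make_token(sample, key), key,
                       "https://issuer.example", "client-abc", now=1500))
```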

OIDC redirect with error

You can use the Redirect User with Error capability to redirect users with an error.

No special configuration is needed. Add the capability and populate its properties according to the help text.

Capabilities

Create Tokens

ID/Access/Session JWT Tokens and OIDC Redirect

Properties
createSessionTokenFlag toggleSwitch
Input Schema
default object
userInfo object
skOpenId object
domainPublicHost string

Create Tokens with Custom Claims

ID/Access/Session JWT Tokens with Custom Claims and OIDC Redirect

Properties
claimsNameValuePairs selectNameValueListColumn
idTokenExpiry textField
claimsNameValuePairsAccessToken selectNameValueListColumn
accessTokenExpiry textField
createSessionTokenFlag toggleSwitch
claimsNameValuePairsSessionToken selectNameValueListColumn
sessionTokenExpiry textField
customScopesFlag toggleSwitch
customScopes textField
customScopesSeparateField toggleSwitch
customScopesSeparateFieldName textField
encryptionFlag toggleSwitch
encryptionKey codeEditor
encryptionAlg dropDown
encryptionContentAlg dropDown
shadowUserNotPresentFlag toggleSwitch
Input Schema
default object
userInfo object
skOpenId object
domainPublicHost string

Get Session Token Details

Session Token claims are extracted from the JWT token

Properties
sessionTokenName textField (Default: sessionToken)
sessionTokenLocation dropDown
sessionToken textField
resolveToUser toggleSwitch
Input Schema
default object
type object
Output Schema
output object
claims object
properties object
sub string
aud string
iss string
usage string
loa number
scope string
jti string
iat number
exp number

Get Token Details

Claims are extracted from any JWT token signed by DaVinci

Properties
genericToken textField
errorOnExpiry toggleSwitch
Input Schema
default object
type object
Output Schema
output object
claims object
properties object
sub string
aud string
iss string
usage string
loa number
scope string
jti string
iat number
exp number

Redirect User with Error

Redirect user to RP with standard/customized error

Properties
customErrorFlag toggleSwitch
errorMessage textField
errorDescription textField
errorCode textField
errorReason textField
Input Schema
default object
skOpenId object

Create Tokens

Create Tokens (without any OIDC Redirect).

Properties
createIdTokenFlag toggleSwitch
claimsNameValuePairs selectNameValueListColumn
idTokenExpiry textField
createAccessTokenFlag toggleSwitch
claimsNameValuePairsAccessToken selectNameValueListColumn
accessTokenExpiry textField
createSessionTokenFlag toggleSwitch
claimsNameValuePairsSessionToken selectNameValueListColumn
sessionTokenExpiry textField
customScopesFlag toggleSwitch
customScopes textField
customScopesSeparateField toggleSwitch
customScopesSeparateFieldName textField
Input Schema
default object
userInfo object
skOpenId object
domainPublicHost string
Output Schema
output object
access_token string
id_token string
session_token string