PingAccess

Adding OAuth client rules

Add an OAuth client rule to restrict access to API applications based on one or more OAuth client IDs.

Steps

  1. Click Access and then go to Rules → Rules.

  2. Click Add Rule.

  3. In the Name field, enter a unique name, up to 64 characters long.

    Special characters and spaces are allowed.

  4. From the Type list, select OAuth Client.

  5. In the Client IDs section, enter one or more client IDs that are allowed access. To add additional fields, click New Value.

  6. Optional: If you want to configure rejection handling, click Show Advanced Settings, and then from the Rejection Handler list, select an existing rejection handler that defines whether to display an error template or redirect to a URL.

    You can include information about missing Client IDs in the rejection response using the $info variable.

    For example, if you are using the Default application programming interface (API) rejection handler, you could edit the PA_HOME/conf/template/oauth.error.json file and change this line:

    {"$Encode.forJavaScriptSource($header)":""}

    to

    {"$Encode.forJavaScriptSource($header)":"#if($info)$Encode.forJavaScriptSource($info)#end"}

  7. Click Save.