---
title: Creating a resource server client
description: Configure an OAuth client for use with PingFederate token provider resource server configuration in PingAccess.
component: pingaccess
version: 9.0
page_id: pingaccess:token_providers:pa_creating_a_resource_server
canonical_url: https://docs.pingidentity.com/pingaccess/9.0/token_providers/pa_creating_a_resource_server.html
revdate: February 6, 2023
section_ids:
  about-this-task: About this task
  steps: Steps
  next-steps: Next steps
---

# Creating a resource server client

Configure an OAuth *(tooltip: \<div class="paragraph">
\<p>A standard framework that enables an application (OAuth client) to obtain access tokens from an OAuth authorization server for the purpose of retrieving protected resources on a resource server.\</p>
\</div>)* client for use with PingFederate token provider resource server configuration in PingAccess.

## About this task

For more information, see [Manage OAuth clients](https://docs.pingidentity.com/pingfederate/latest/introduction_to_pingfederate/pf_client_management.html).

## Steps

1. Go to **Applications → OAuth → Clients**.

2. Click **Add Client**.

3. In the **Client ID** field, specify a client ID.

   ```
   pa_rs
   ```

4. In the **Name** field, specify a name.

   ```
   PingAccessResourceServer
   ```

5. In the **Client Authentication** section, select **Client Secret**.

6. In the **Client Secret** section, select **Change Secret**, and then click **Generate Secret**.

   |   |                                                                                          |
   | - | ---------------------------------------------------------------------------------------- |
   |   | Copy the secret to a secure location so that you can use it in PingAccess configuration. |

7. In the **Redirect URIs** field, enter the OpenID Connect (OIDC) *(tooltip: \<div class="paragraph">
   \<p>An authentication protocol built on top of OAuth that authenticates users and enables clients (relying parties) of all types to request and receive information about authenticated sessions and users. OIDC is extensible, allowing clients to use optional features such as encryption of identity data, discovery of OpenID Providers (OAuth authorization servers), and session management.\</p>
   \</div>)* callback redirect to the PingAccess server.

   For example, `https://mypingaccessserver:3000/pa/oidc/cb`.

8. Click **Add**.

9. In the **Allowed Grant Types** section, select the **Access Token Validation (Client is a Resource Server)** check box.

10. Click **Save**.

## Next steps

[Create a web session client](pa_creating_a_web_session_client.html).