---
title: Creating a web session client
description: Configure an OAuth client for use with web session configuration in PingAccess.
component: pingaccess
version: 9.0
page_id: pingaccess:token_providers:pa_creating_a_web_session_client
canonical_url: https://docs.pingidentity.com/pingaccess/9.0/token_providers/pa_creating_a_web_session_client.html
revdate: February 6, 2023
section_ids:
  about-this-task: About this task
  steps: Steps
  next-steps: Next steps
---

# Creating a web session client

Configure an OAuth client *(tooltip: \<div class="paragraph">
\<p>The application in an OAuth framework that requests access to resources. If the request is approved by the authorization server, the client is issued an access token for the resources.\</p>
\</div>)* for use with web session configuration in PingAccess.

## About this task

For more information, see [Manage OAuth clients](https://docs.pingidentity.com/pingfederate/latest/introduction_to_pingfederate/pf_client_management.html).

## Steps

1. Go to **Applications → OAuth → Clients**.

2. Click **Add Client**.

3. In the **Client ID** field, specify a client ID.

   ```
   pa_wam
   ```

4. In the **Name** field, specify a name.

   ```
   PingAccessWebAccessManagement
   ```

5. In the **Client Authentication** section, select **Client Secret**.

6. In the **Client Secret** section, select **Change Secret**, and then click **Generate Secret**.

   |   |                                                                                          |
   | - | ---------------------------------------------------------------------------------------- |
   |   | Copy the secret to a secure location so that you can use it in PingAccess configuration. |

7. In the **Redirect URIs** field, add the OpenID Connect (OIDC) *(tooltip: \<div class="paragraph">
   \<p>An authentication protocol built on top of OAuth that authenticates users and enables clients (relying parties) of all types to request and receive information about authenticated sessions and users. OIDC is extensible, allowing clients to use optional features such as encryption of identity data, discovery of OpenID Providers (OAuth authorization servers), and session management.\</p>
   \</div>)* callback redirect to the PingAccess server.

   For example, `https://mypingaccessserver:3000/pa/oidc/cb`.

8. Click **Add**.

9. Select the **Bypass Authorization Approval** check box.

10. In the **Allowed Grant Types** section, select the **Authorization Code** check box.

11. Click **Save**.

## Next steps

[Create and export a certificate](pa_creating_and_exporting_a_certificate.html).