---
title: Configuring the PingAuthorize OAuth subject search
description: Configure PingAuthorize Server to search the user store for OAuth token subjects.
component: pingauthorize
version: 11.0
page_id: pingauthorize:pingauthorize_server_administration_guide:paz_config_oauth_subj_search
canonical_url: https://docs.pingidentity.com/pingauthorize/11.0/pingauthorize_server_administration_guide/paz_config_oauth_subj_search.html
revdate: July 29, 2022
section_ids:
  steps: Steps
  example: Example:
  example-2: Example:
---

# Configuring the PingAuthorize OAuth subject search

Configure PingAuthorize Server to search the user store for OAuth token subjects.

## Steps

* To configure the PingAuthorize Server to mock OAuth access token validation, run the `dsconfig create-access-token-validator` command.

  ### Example:

  ```json
  {pingauthorize}/bin/dsconfig create-access-token-validator \
    --no-prompt --port 8636 --useSSL --trustAll \
    --bindDN "cn=directory manager" \
    --bindPassword <your-pingauthorize-password> \
    --validator-name "Mock Access Token Validator" \
    --type mock --set enabled:true --set subject-claim-name:sub
  ```

  The Mock Access Token Validator accepts tokens without authenticating them and is used only for demonstration and testing purposes. To use an authorization server like PingFederate, see [Access token validators](paz_access_token_validators.html).

* To configure PingAuthorize Server to search the user store and retrieve the identity attributes of the OAuth token subject so the attributes can be evaluated in a policy, run the `dsconfig create-token-resource-lookup-method` command.

  ### Example:

  ```json
  {pingauthorize}/bin/dsconfig create-token-resource-lookup-method \
    --no-prompt --port 8636 --useSSL --trustAll \
    --bindDN "cn=directory manager" \
    --bindPassword <your-pingauthorize-password> \
    --validator-name "Mock Access Token Validator" \
    --method-name "User by uid" \
    --type 'scim' \
    --set scim-resource-type:Users \
    --set 'match-filter:uid eq "%_subject_claim_name%"' \
    --set evaluation-order-index:100
  ```

  A token resource lookup method defines the expression that is used to search System for Cross-domain Identity Management (SCIM) resources by the access token subject or additional claims. In this example, the value of the access token subject claim is used to search the `uid` attribute value of the SCIM user resource.