---
title: Configuring bearer token authentication
description: Configure an access token validator.
component: pingdirectory
version: 11.0
page_id: pingdirectory:consent_solution_guide:pd_cs_config_bearer_token_authn
canonical_url: https://docs.pingidentity.com/pingdirectory/11.0/consent_solution_guide/pd_cs_config_bearer_token_authn.html
revdate: September 13, 2023
section_ids:
  about-this-task: About this task
  steps: Steps
  example: Example:
  example-2: Example:
---

# Configuring bearer token authentication

Configure an access token validator.

## About this task

|   |                                                                  |
| - | ---------------------------------------------------------------- |
|   | You can configure the Consent Service to use a single validator. |

## Steps

* Configure an access token validator using `dsconfig`.

  ### Example:

  This example shows an access token validator configured on a PingDirectory server for a PingFederate server.

  ```shell
  $ bin/dsconfig create-external-server \
    --server-name PingFederate \
    --type http \
    --set base-url:https://my-ping-federate-server:1443/
  ```

  ```shell
  $ bin/dsconfig create-access-token-validator \
    --validator-name "PingFederate Token Validator" \
    --type ping-federate \
    --set enabled:true \
    --set "identity-mapper:User ID Exact Match" \
    --set authorization-server:PingFederate \
    --set client-id:id \
    --set client-secret:secret
  ```

* (Optional) If more than one access token validator is configured on a PingDirectory server, you can configure the Consent Service to use a single validator with the following command.

  ### Example:

  ```shell
  $ bin/dsconfig set-http-servlet-extension-prop \
    --extension-name Consent \
    --set "access-token-validator:PingFederate Token Validator"
  ```