PingFederate Server

OAuth 2.0 endpoints

When developing OAuth-capable applications, developers must follow the OAuth 2.0 Authorization Framework and OpenID Connect specifications if applicable.

OAuth-capable applications must send requests to various OAuth endpoints to obtain authorization grants, access tokens, refresh tokens, and ID tokens if applicable. Additional endpoints exist for other purposes, including for clients to validate access and refresh tokens, for developers to submit client registrations using the OAuth 2.0 Dynamic Client Registration protocol, and for clients to retrieve metadata about the OpenID Connect and OAuth authorization server configurations.

Each endpoint extends from the runtime server at the base URL. If you configure virtual host names, the endpoints are also accessible at those locations.

Example

If the base URL is www.example.com:9031 and the configured virtual host names are www.example.org and www.example.info, the authorization and token endpoints are accessible at the following locations:

Authorization endpoint /as/authorization.oauth2
  • www.example.com:9031/as/authorization.oauth2

  • www.example.org:9031/as/authorization.oauth2

  • www.example.info:9031/as/authorization.oauth2

Token endpoint /as/token.oauth2
  • www.example.com:9031/as/token.oauth2

  • www.example.org:9031/as/token.oauth2

  • www.example.info:9031/as/token.oauth2s