OAuth user-facing pages

The PingFederate OAuth authorization server provides five windows that are presented to end-users, or resource owners, during certain OAuth transactions. You can customize and brand these windows as needed..

Page title and template file name	Purpose	Message type	Action
Client Access oauth.access.grants.page.template.html	Provides a means for the end users, or resource owners, to revoke persistent access grants.	Normal	User input required
Request for Approval oauth.approval.page.template.html	Advises resource owners that their information is being requested by the identified OAuth client when the default, internal, consent user interface is used. Resource owners can approve or deny individual scopes. Consent approval is applicable to the Device Authorization, Implicit, and Authorization Code grant types. For the latter two, PingFederate might prompt once at first or repeatedly depending on the Reuse Existing Persistent Access Grants for Grant Types setting in System → OAuth Settings → Authorization Server Settings.. In addition, the OAuth client configuration provides an option to bypass this approval page entirely, as needed for trusted clients. When applicable, select the Bypass Authorization Approval check box in the client configuration window. When an external consent user interface is used, PingFederate does not make use of this template file.	Normal	User input required
Connect a device (user code prompt) oauth.device.user-code.page.template.html	This page appears for the OAuth device authorization grant type. It allows resource owners to identify an authorization session that was initiated by the device client. This page appears after the resource owner goes to the OAuth verification URL and logs in. The user types the user code that they received from the device client, and then clicks Submit.	Normal	User input and confirmation required
Connect a device (pre-populated user code prompt) oauth.device.user-code-confirm.page.template.html	This page appears for the OAuth device authorization grant type. It allows resource owners to identify an authorization session that was initiated by the device client. This page appears after the resource owner goes to the OAuth verification URL and logs in. The user confirms the pre-populated user code by clicking Confirm.	Normal	User confirmation required
Connect a device (result) oauth.device.messages.page.template.html	This page appears for the OAuth device authorization grant type. It advises resource owners whether the OAuth device authorization was successful and provides any relevant error messages. By default, this page does not link to any other pages.	Normal	No action

Page title and template file name

Purpose

Message type

Action

Client Access

oauth.access.grants.page.template.html

Provides a means for the end users, or resource owners, to revoke persistent access grants.

Normal

User input required

Request for Approval

oauth.approval.page.template.html

Advises resource owners that their information is being requested by the identified OAuth client when the default, internal, consent user interface is used. Resource owners can approve or deny individual scopes.

Consent approval is applicable to the Device Authorization, Implicit, and Authorization Code grant types. For the latter two, PingFederate might prompt once at first or repeatedly depending on the Reuse Existing Persistent Access Grants for Grant Types setting in System → OAuth Settings → Authorization Server Settings..

In addition, the OAuth client configuration provides an option to bypass this approval page entirely, as needed for trusted clients. When applicable, select the Bypass Authorization Approval check box in the client configuration window.

When an external consent user interface is used, PingFederate does not make use of this template file.

Normal

User input required

Connect a device (user code prompt)

oauth.device.user-code.page.template.html

This page appears for the OAuth device authorization grant type. It allows resource owners to identify an authorization session that was initiated by the device client.

This page appears after the resource owner goes to the OAuth verification URL and logs in. The user types the user code that they received from the device client, and then clicks Submit.

Normal

User input and confirmation required

Connect a device (pre-populated user code prompt)

oauth.device.user-code-confirm.page.template.html

This page appears for the OAuth device authorization grant type. It allows resource owners to identify an authorization session that was initiated by the device client.

This page appears after the resource owner goes to the OAuth verification URL and logs in. The user confirms the pre-populated user code by clicking Confirm.

Normal

User confirmation required

Connect a device (result)

oauth.device.messages.page.template.html

This page appears for the OAuth device authorization grant type. It advises resource owners whether the OAuth device authorization was successful and provides any relevant error messages.

By default, this page does not link to any other pages.

Normal

No action

PingFederate Server

OAuth user-facing pages