--- title: Configuring support for OAuth rich authorization requests description: You can configure PingFederate to support rich authorization requests from OAuth clients. component: pingfederate version: 13.0 page_id: pingfederate:administrators_reference_guide:pf_config_oauth_rar canonical_url: https://docs.pingidentity.com/pingfederate/13.0/administrators_reference_guide/pf_config_oauth_rar.html revdate: April 18, 2023 section_ids: before-you-begin: Before you begin steps: Steps configuring-authorization-detail-processors: Configuring authorization detail processors before-you-begin-2: Before you begin about-this-task: About this task steps-2: Steps result: Result: configuring-authorization-detail-types: Configuring authorization detail types before-you-begin-3: Before you begin about-this-task-2: About this task steps-3: Steps next-steps: Next steps --- # Configuring support for OAuth rich authorization requests You can configure PingFederate to support rich authorization requests from OAuth clients. ## Before you begin Review the SDK documentation for the `com.pingidentity.sdk.authorizationdetails` package. You can find the SDK documentation in the `/pingfederate/sdk/doc` directory or in [the compiled PingFederate Server SDK documentation](https://download.pingidentity.com/public/documentation/pingfederate/12.3/doc/index.html). ## Steps * Use the PingFederate SDK to develop an authorization detail processor plugin that can process the authorization detail type you want to support. | | | | - | -------------------------------------------------------------------------------------------------------------------------------------------------------- | | | PingFederate does not include any authorization detail processors because handling the authorization details depends on your requirements and use cases. | ## Configuring authorization detail processors Authorization detail processors are custom plugins you can develop and configure to support rich authorization requests. ### Before you begin You must have an authorization detail processor plugin that can process the authorization detail type you want to support. ### About this task To configure an authorization detail processor instance: ### Steps 1. In PingFederate, go to **System > OAuth Settings > Authorization Detail Processors**. 2. In the **Authorization Detail Processors** window, click **Create New Instance**. ### Result: The **Create Authorization Detail Processor Instance** window opens. 3. On the **Type** tab: 1. Enter an **Instance Name** and unique **Instance ID**. 2. Select an **Authorization Detail Processor Type**. 3. (Optional) If other instances exist, select one of them as a **Parent Instance** on which to base this new instance. 4. On the **Instance Configuration** tab, configure the authorization detail processor instance. The tab's settings are determined by the plugin for the **Authorization Detail Processor Type** that you selected on the **Type** tab. 5. On the **Summary** tab, review the settings. Click **Save**. | | | | - | --------------------------------------------------------------------------------------------------------------------------------------- | | | The **Summary** tab shows the **Class Name** and **Supported Authorization Details Types**, which are determined by your custom plugin. | ![Screen capture of the Summary tab of the Create Authorization Detail Processor Instance window](_images/grz1663193219983.png) ## Configuring authorization detail types To support rich authentication requests from OAuth clients, you must configure an authorization detail type for each type that you want PingFederate to support. ### Before you begin PingFederate must have an instance of an authorization detail processor that can process the authorization detail type that you're configuring. | | | | - | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | If you need information about the authorization detail processor instance when configuring an authorization detail type, go to the **System > OAuth Settings > Authorization Detail Processors** window, open the instance, and go to the **Create Authorization Detail Processor Instance** window and select the **Summary** tab. | ### About this task To support rich authentication requests from OAuth clients, you must configure an authorization detail type for each `type` that you want PingFederate to support: ### Steps 1. In PingFederate, go to **System > OAuth Settings > Authorization Detail Types**. 2. In the **Authorization Detail Types** window, click **Add Authorization Detail Type**. 3. In the **Add an Authorization Detail Type** window: 1. In the **Type** field, enter the name of a supported authorization detail type. 2. Enter a **Description** for the authorization detail type. 3. Select the **Authorization Detail Processor instance** to handle the authorization detail type. 4. Click **Save**. ![Screen capture of the Add an Authorization Detail Type window](_images/cyr1663196150632.png) ### Next steps To complete your configuration: 1. [Configure the external content user interface](pf_external_consent_user_interfac.html), adding an **External Consent Authorization Details Attribute**. 2. [Configure the OAuth client](pf_configuring_oauth_clients.html), selecting the checkboxes for **Allow Authorization Details** and the authorization detail type that you configured in the **Add an Authorization Detail Type** window in step 3 of this topic.