PingOne

Customizing access tokens

With PingOne, you can customize the content of access tokens by adding custom resource attributes and application permissions to the token. Use customized access tokens to convey additional information about token holders to applications.

About this task

You cannot customize tokens for the two default resources, OpenID Connect and PingOne API.

Steps

  1. Go to Applications → Resources and browse or search for the resource that you want to edit.

  2. Click the resource entry to open the details panel for the resource.

  3. To add custom attributes, click the Attributes tab, and then click the Pencil icon.

    1. Click Add.

    2. Enter the following:

      • Attributes: Enter the attribute value for the resource, such as sub.

      • PingOne mappings: Select an attribute in the list, such as User ID.

        Learn more about configuring the access token TTL (time to live) in Editing a resource.

    3. Continue adding attributes as needed.

  4. To include application permissions in access tokens created for this resource, on the Permissions tab, click the Include user permissions in Access Token toggle.

    To enable the Permissions tab, add PingOne Authorize to your environment.

    Learn more about defining application permissions in Adding application permissions.

    The p1.permissions claim in the access token will include permissions for the authenticated user.

  5. Click Save.