Customizing access token lifetime

When defining a custom resource in PingOne, you can customize the access token lifetime as needed and add relevant scopes. The access token lifetime defaults to 1 hour.

About this task

When defining an OpenID Connect (OIDC)-based application, you can specify the resources that the application can request access to by adding the relevant scopes to the application. When an application requests an access token from PingOne so that it can access a custom resource, the application sends the required scopes in the request. The lifetime of the access token is determined by the access token lifetime set in that custom resource.

Steps

Go to Applications → Resources.
Click the + icon.
For Create resource profile, enter the following information:
- Resource name. A unique identifier for the resource.
- Audience. (Optional) The intended audience for the resource. If you don’t provide a value, PingOne will default to the resource name.
- Description. (Optional) A brief characterization of the resource.
- Access token time to live. The maximum time that the access token will be valid for use in the application, in seconds.
Click Next.
For Attributes, map resource attributes to user attributes in PingOne.
1. Enter a resource attribute and then select the corresponding PingOne attribute from the list.
2. To add an attribute, click the Add button.
Click Next.
For Scopes, configure the appropriate scopes for the resource. Each resource can have one or more scopes. To add a scope, click Add scope. Enter the following:
- Scope name. The name of the scope to be used for this resource. Scopes are defined by the resource server.
- Description. (Optional) A brief characterization of the scope.
Click Save.
To add the scope to an application, go to Applications → Applications, and browse or search for the appropriate application.
On the Resources tab, click the Pencil icon.
Locate the scope that you previously added to your resource and click the checkbox next to the scope.
Click Save.