--- title: Editing a resource description: Use the Resources page to modify existing resources in PingOne. component: pingone page_id: pingone:applications:p1_editresource canonical_url: https://docs.pingidentity.com/pingone/applications/p1_editresource.html revdate: January 10, 2025 section_ids: steps: Steps --- # Editing a resource Use the **Resources** page to modify existing resources in PingOne. | | | | - | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | | | You can enable an OIDC-based application to request scopes from multiple resources in a single request. Learn more about the **Request scopes to access multiple resources** option in [Editing an application - OIDC](p1_edit_application_oidc.html). | ## Steps 1. In the PingOne admin console, go to **Applications > Resources** and browse or search for the resource you want to edit. The results list updates as you enter the search query. The current resources are shown in the list. 2. Click a resource entry to open the details panel for the resource. 3. On the **Overview** tab, click the **Pencil** icon ([icon: pencil, set=fa]) and enter or edit the following: | Field | Description | | ------------------------------------------------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | **Resource Name** | A unique identifier for the resource. | | **Audience** (optional) | The intended audience for the resource. If you don't provide a value, PingOne defaults to the resource name. | | **Description** (optional) | A brief description of the resource. | | **Access token time to live (seconds)** | The maximum time, in seconds, that the access token will be valid for use in the application. | | **Token Introspection Endpoint Authentication Method** | Specifies how to authenticate using the client credentials for the application to which the token was issued. You can select from:- `None` - `Client secret basic` - `Client secret post` - `Client secret JWT` - `Private key JWT` For `Private key JWT`, select **JWKS URL** or **JWKS**. Provide either the URL where PingOne can retrieve the JSON Web Key Set (JWKS) or the web key set itself. | 4. On the **Attributes** tab, map resource attributes to user attributes in PingOne. 1. Enter a resource attribute and then select the corresponding PingOne attribute from the list. For example, you could map the `OIDC family_name` attribute to the PingOne `Family Name` attribute. | | | | - | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | | | Resources can use JSON attributes in their attribute mappings. You can use these attributes to pass complex information to applications through an access token. Learn more in [Adding user attributes](../directory/p1_adduserattributes.html). | 2. (Optional) Click the **Gear** icon ([icon: gear, set=fa]) to use advanced expressions. Learn more in [Using the expression builder](../pingone_expression_language/p1_use_expression_builder.html). 3. (Optional) Select the **Required** checkbox to make the attribute required. * For any attributes except the `sub` attribute If it can't find a value for an attribute set as required, PingOne doesn't issue an access token for the resource and instead issues an error message in the token response. * For the `sub` attribute The following table lists how PingOne handles the `sub` attribute based on whether it's set as required and what grant type the application is using: | `sub` set as required? | Application grant type | If PingOne can't find an attribute mapping value? | | ---------------------- | --------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------- | | Yes | Any grant type requiring user interaction, such as authorization code | PingOne doesn't issue an access token for the resource and instead issues an error message in the token response. | | Yes | Client credentials | PingOne doesn't issue an access token for the resource and instead issues an error message in the token response. | | No | Any grant type requiring user interaction | PingOne populates the `sub` attribute with the PingOne user ID of the authenticated user. | | No | Client credentials | PingOne returns an access token without including the `sub` attribute. | 4. To add more attributes, click **[icon: plus, set=fa]Add** and enter an attribute and the corresponding PingOne mapping. Learn more in [Mapping attributes](../directory/p1_editsamlattributemapping.html). 5. To delete an attribute, click the **Delete** icon ([icon: trash, set=fa]) for the appropriate attribute. 6. Click **Save**. 5. On the **Scopes** tab: 1. Locate the scope you want to edit, and then click [icon: pencil, set=fa]. 2. Enter or edit the **Scope Name** and **Description**. 3. (Optional) To add a scope, click **[icon: plus, set=fa]Add Scope**, and enter the **Scope Name** and **Description** and any mapped attributes to which you want the scope to have access. 4. Click **Save**. 6. (Optional) On the **Permissions** tab: 1. Click the **Include user permissions in Access Token** toggle to include application permissions in access tokens created for this resource. | | | | - | ----------------------------------------------------------------------------- | | | To enable the **Permissions** tab, add PingOne Authorize to your environment. | Permissions for the authenticated user will be included in the `p1.permissions` claim in the access token. Learn more in [Application permissions](p1_application_permissions.html). 2. To add an application resource and permissions, click **[icon: plus, set=fa]Add Permissions**. Learn more in [Adding application permissions](p1_add_application_permissions.html). 3. To edit an application resource, click [icon: pencil, set=fa]next to the application resource. * Edit the application resource **Name** and **Description**. * To add a permission, click **[icon: plus, set=fa]Add** and enter an **Action** and **Description** for the permission. * Edit the **Action** and **Description** for existing permissions. * To delete a permission, click [icon: trash, set=fa]next to the permission. 4. (Optional) To delete an application resource, click [icon: trash, set=fa]next to the application resource. 5. Click **Save**.