PingOne

Resource scopes

The PingOne platform includes two predefined resources, PingOne API, which is a defined resource that represents the PingOne APIs, and Open ID Connect, which represents OIDC scopes.

You can use PingOne to define custom resources and their associated scopes. Custom resources can be associated with an application either exclusively or in addition to the platform’s predefined resources.

When an application is associated with both the PingOne resource and a custom resource, an authorization request cannot include scopes from both PingOne and the custom resource.

For more information about getting unique access tokens for each API resource, see OAuth access token usage strategies for multiple resources.

OIDC scopes

OIDC scopes are used by an application during authentication to authorize access to user details, like name and email address. Scopes are a collection of claims. Each scope returns a set of user attributes, called claims.

You can define custom attributes for OIDC resources, as well as change the way they are delivered to the application: ID token, UserInfo endpoint, or both.

Changes made to the Open ID resource will define the global configuration, which are inherited by applications. Applications can override the inherited global attributes with custom attributes. See Customizing OIDC attributes for an application.