PingOne

Creating a native app

In this example, you’ll configure a full flow, accessing and authenticating an OpenID Connect (OIDC)mobile app.

  • Console

  • API

Creating a native app using the admin console

Steps

  1. Go to Applications → Applications.

  2. Click the icon.

    Result:

    The Add Application panel opens.

  3. Enter an appropriate Application Name and a Description.

    Example:

    For example, Getting Started Native App.

  4. In the Choose Application type section, click Native.

  5. Click Save.

    Result:

    The details panel opens. Applications are granted OAuth scopes so that they can access PingOne platform resources.

  6. On the Configuration tab, click the Pencil icon.

  7. In the Redirect URIs field, enter your mobile application’s redirect URL.

    Example:

    For example, http://localhost.

  8. Click Save.

  9. To grant access to your application, go to the Access tab and click the Pencil icon.

  10. Click to select the appropriate groups.

  11. Click Save.

  12. On the Resources tab, click the Pencil icon.

  13. In the Search Scopes field, enterprofile.

    This filters the list of resource types, so that only the OpenID profile scope remains visible in the scopes selection list.

  14. On the Profile Scope tab, click the icon or drag it to the Allowed Scope column.

  15. Click Save.

  16. To map your PingOne user-defined attributes to your corresponding application attributes, on the Attribute Mappings tab, click the Pencilicon.

  17. Click Add and complete the Attributesand corresponding PingOne Mappings fields.

  18. Click Save.

  19. At the top right of the web application’s profile, click the toggle to enable it.

    Your new native app appears on the Applications page.

Next steps

Applying the MFA-only policy

Creating a native app using the API

About this task

Application developers can use the API operations to create a native app.

Steps

  • Use the access token generated through the worker app and the following POST operation:

    POST https://api.pingone.com/v1/environments/{{envId}}/applications

    Example:

    POST https://api.pingone.com/v1/environments/{{envId}}/applications
{
    "enabled": true,
    "name": "NativeApp",
    "description": "Mobile App",
    "type": "NATIVE_APP",
    "protocol": "OPENID_CONNECT",
    "grantTypes": [
        "AUTHORIZATION_CODE"
    ],
    "redirectUris": [
       "pingonesdk://sample"
    ],
    "responseTypes": [
        "CODE"
    ],
    "tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC"
}

  • To grant access to the web app and at least one scope in the system, you first must get the resource and scope IDs by using the following GET operation:

    GET https://api.pingone.com/v1/environments/{{envId}}/resources?expand=scopes

    For details see GET: Step 3: Get the list of resources and GET: Step 4: Get all scopes in the API reference.

  • To create grants, use the following POST operation:

    POST https://api.pingone.com/v1/environments/{{envId}}/applications/{{webAppId}}/grants

    For details, see POST: Step 5: Create the application’s resource access grant in the API reference.

  • To create push credentials, use the corresponding POST operation for your mobile operating system:

    Choose from:

    • For an Android app:

      POST https://api.pingone.com/v1/environments/{{envId}}/applications/{{nativeAppId}}/pushCredentials
{
  "type": "FCM",
  "key": "{{fcmServerKey}}"
}

    • For an iOS app:

      POST https://api.pingone.com/v1/environments/{{envId}}/applications/{{nativeAppId}}/pushCredentials
{
  "type": "APNS",
  "key": "{{appleKey}}",
  "teamId": "{{appleTeamId}}",
  "token": "-----BEGIN PRIVATE KEY-----\n{{appleToken}}\n-----END PRIVATE KEY-----"
}

Next steps

Apply the MFA-only policy