Creating the client credentials application
Start by creating an OIDC application in PingOne.
Steps
-
Go to Applications > Resources.
-
Click the + icon.
-
Create the resource by completing these fields:
-
Resource name: A unique identifier for the resource.
-
Description (optional): A brief characterization of the resource that helps identify it.
-
-
Click Next.
-
On the Attributes page, click Add to add a new attribute.
-
Name the new attribute
groups.Set the value to a hardcoded list of valid Self-Service roles. For example,
{“dev-tls-admin”, “prod-tls-audit”}. You can find a complete list of these roles in Self-Service Roles.The Self-Service attribute must be set up for it to display in the list. You can find instructions on adding this attribute in Creating custom user attributes.
-
Click Next.
-
On the Scopes page, add a new scope to map the Self-Service role to the new application. Click Add Scope and complete the following fields:
-
Scope name: A unique identifier for the scope.
-
Description (optional): A brief characterization of the scope that helps identify it.
-
-
Click Save.
-
Now, add the OIDC application. Go to Applications > Applications.
-
Click the + icon.
-
Complete the following fields:
-
Application name: A unique identifier for the application.
-
Description (optional): A brief characterization of the application that helps identify it.
-
Icon (optional): A graphic representation of the application. Use a file up to 1 MB in JPG, JPEG, GIF, or PNG format.
-
-
In the list of available application types, select OIDC Web App. Click Save.
-
On the Configuration tab, click the Pencil icon to edit the configuration.
-
Change the Response Type to none by clearing all the options.
-
Change the Grant Type to Client Credentials.
-
-
Click Save.
-
On the Resources tab, click the Pencil icon to add the scope you added in step 8 to the application.
-
Click Save and click the toggle for the application.