PingOne Advanced Identity Cloud

Legacy endpoints

PingOne Advanced Identity Cloud exposes the following legacy endpoints:

Endpoint Description

Retrieve metadata about a token, revoke access, and refresh tokens

Validate tokens and retrieve token metadata to determine how to respond to requests for protected resources

Use legacy endpoints when required to upgrade or migrate an existing deployment.

Avoid using legacy endpoints in new deployments.

/frrest/oauth2/token (Legacy)

Use this endpoint when you cannot use the following alternatives:

/oauth2/introspect

Retrieve metadata from OAuth 2.0 tokens.

/oauth2/token/revoke

Delete (revoke) OAuth 2.0 tokens.

/users/user/oauth2/applications

List clients with tokens granted by specific resource owners and delete tokens.

The /frrest/oauth2/token endpoint does not include the realm in the path:

  • To list the contents of a token, send an HTTP GET request to:

      https://<tenant-env-fqdn>/am/frrest/oauth2/token/<access-token>

    Use the resource owner SSO token as the cookie for authorization; for example, <session-cookie-name>=<resource-owner-tokenId>.

  • To list the tokens for the current resource owner, send an HTTP GET request to

    https://<tenant-env-fqdn>/am/frrest/oauth2/token/?_queryId=access_token

    Use the resource owner SSO token as the cookie for authorization; for example, <session-cookie-name>=<resource-owner-tokenId>.

  • To list the tokens for a specific user, send an HTTP GET request to:

    https://<tenant-env-fqdn>/am/frrest/oauth2/token/?_queryId=userName=username,realm=/realm

    Use the SSO token of an administrative user as the cookie for authorization; for example, <session-cookie-name>=<admin-tokenId>.

  • To delete (revoke) a token, send an HTTP DELETE request to:

    https://<tenant-env-fqdn>/am/frrest/oauth2/token/<access-token>`

    Use the SSO token of an administrative user as the cookie for authorization; for example, <session-cookie-name>=<admin-tokenId>.

/oauth2/tokeninfo (Legacy)

Use this endpoint when you cannot use the standard /oauth2/introspect endpoint.

To inspect the contents of the token, send an HTTP GET request to:

https://<tenant-env-fqdn>/am/oauth2/realms/root/realms/realm/tokeninfo

Use the token as a bearer token in an authorization header; for example, Authorization: Bearer <access-token>.