PingCentral supports OAuth resource server functionality by validating the bearer tokens presented with Admin API requests. Only JWT tokens are supported in this release, so a JWKS endpoint is required for signature validation.
To define this endpoint, access the application.properties file, which resides in the conf folder in the PingCentral installation directory. Uncomment the following property and define the JWKS endpoint URI, as shown in this example:
While the subject (sub) claim is mandatory with OpenID Connect, it is not required when using OAuth 2.
With bearer tokens, PingCentral looks for the Username claim by default, but this can also be configured, as shown in this example:
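
The check described on this page, as an added Python example that is neither PingCentral's code nor its configuration: it verifies an RS256 JWT against a JWKS document and then reads a configurable username claim. The function names, the RS256-only policy and the demo key (built from two known Mersenne primes, so insecure by construction) are assumptions made for illustration.

```python
import base64, hashlib, hmac, json

# DER DigestInfo prefix for SHA-256 (RFC 8017, section 9.2), used by RS256.
SHA256_DI = bytes.fromhex("3031300d060960864801650304020105000420")

def b64u(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def unb64u(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def encode_em(message, k):
    """EMSA-PKCS1-v1_5 encoding of SHA-256(message) for a k-byte modulus."""
    t = SHA256_DI + hashlib.sha256(message).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def username_from_bearer(token, jwks, claim="Username"):
    """Verify an RS256 JWT against a JWKS, then return the configured username claim."""
    head, body, sig_b64 = token.split(".")
    header = json.loads(unb64u(head))
    if header.get("alg") != "RS256":  # refuse "none" and anything the server did not expect
        raise ValueError("unsupported alg")
    jwk = next((j for j in jwks["keys"]
                if j.get("kty") == "RSA" and j.get("kid") == header.get("kid")), None)
    if jwk is None:
        raise ValueError("no JWKS key matches the token's kid")
    n, e = (int.from_bytes(unb64u(jwk[f]), "big") for f in ("n", "e"))
    k, sig = (n.bit_length() + 7) // 8, unb64u(sig_b64)
    s = int.from_bytes(sig, "big")
    if len(sig) != k or s >= n:
        raise ValueError("bad signature")
    expected = encode_em(f"{head}.{body}".encode(), k)
    if not hmac.compare_digest(pow(s, e, n).to_bytes(k, "big"), expected):
        raise ValueError("bad signature")
    claims = json.loads(unb64u(body))  # parsed only after the signature checks out
    if claim not in claims:
        raise ValueError(f"token carries no {claim!r} claim")
    return claims[claim]

def make_demo_token(claims, kid="demo-1"):
    """Constructed test issuer: key from two known Mersenne primes, NOT a secure key."""
    p, q, e = 2**521 - 1, 2**607 - 1, 65537
    n, d = p * q, pow(e, -1, (p - 1) * (q - 1))
    k = (n.bit_length() + 7) // 8
    jwks = {"keys": [{"kty": "RSA", "kid": kid, "n": b64u(n.to_bytes(k, "big")),
                      "e": b64u(e.to_bytes(3, "big"))}]}
    signing_input = ".".join(b64u(json.dumps(part).encode())
                             for part in ({"alg": "RS256", "kid": kid}, claims))
    m = int.from_bytes(encode_em(signing_input.encode(), k), "big")
    return jwks, signing_input + "." + b64u(pow(m, d, n).to_bytes(k, "big"))
```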