OAuth clients interact with an authorization server to obtain access tokens (and sometimes refresh tokens) for the purpose of accessing protected resources on resource servers.

PingFederate provides administrators the flexibility to manage OAuth clients using the following interfaces:

  • The administrative console
  • The administrative API
  • The OAuth Client Management Service

Additionally, PingFederate supports dynamic client registration based on the OAuth 2.0 Dynamic Client Registration Protocol specification (tools.ietf.org/html/rfc7591).

Client records are stored in XML files by default. With this configuration, administrators can manage clients using the administrative console and the administrative API, and developers can submit client creation requests based on the Dynamic Client Registration protocol specification. In this configuration, client records are part of the configuration archive.

Alternatively, administrators can configure PingFederate to store client records externally, on a database server, a directory server, or some other storage medium through the use of the PingFederate SDK. (The OAuth Client Management Service requires client records to be stored externally.) Note that externally stored client records are not part of the configuration archive.