Dynamic client registration allows developers to register OAuth clients via an API based on open standards. PingFederate supports various client metadata (see Supported client metadata). If specific use cases require additional metadata, add them as extended properties on the screen.
Because dynamic client registration can expose your server to unwanted client registrations, it is recommended to protect PingFederate by requiring an initial access token, configuring one or more client registration policies, and protecting access to the dynamic client registration endpoint.
Dynamic client registration requires OAuth client storage in an external datastore, such as a database or LDAP directory. If you have not yet switched from on-disk client storage (default) to an external datastore, refer to Defining an OAuth client datastore for instructions to complete the task.
You may continue with the rest of the configuration; however, dynamic client registration remains inactive until an external client storage is defined.
When dynamic client registration is active, developers can send client registrations to the /as/clients.oauth2 endpoint to create OAuth clients dynamically.