Specifying a dynamic authorization header for a REST API datastore - PingFederate

Page created: 11 Oct 2019 |

Page updated: 19 Mar 2020

| 1 min read

PingFederate 10.0 Product Configuration User task Software Deployment Method Product documentation Content Type Administrator Audience

When you configure an Open ID Connect IdP connection with an application (such as Google or Yahoo for example), you can use the access token from the connection as a bearer token in an authorization header to receive additional information as needed.

Create a Service Provider Open ID Connect IdP connection
Configure an Identity Provider authentication policy for the connection

Make the Open ID Connect call to the application to obtain the access token that you plan to use as a bearer token.
After the connection has been made, you can find the access token attribute name in <pf_install>/pingfederate/log/server.log (in debug mode).
On the Configure Data Source Filters screen, enter the access token attribute name in the Authorization Header field.
Example Authorization Header entries are shown here for Yahoo and Google Open ID Connect IdP connections:
- For Yahoo: Bearer $(idp.https://api.login.yahoo.com.access_token)
- For Google: Bearer $(idp.https://accounts.google.com.access_token)

Specifying a dynamic authorization header for a REST API datastore - PingFederate - 10.0

PingFederate Server