PingFederate can act as an OAuth authorization server (AS), allowing a resource owner to grant authorization to a client requesting access to resources protected by a resource server. The OAuth AS issues tokens to clients on behalf of a resource for use in authenticating a subsequent API call—typically, but not exclusively a Representational State Transfer (REST) API. The PingFederate OAuth AS issues tokens to clients in several different scenarios, including:

  • A web application wants access to a protected resource associated with a user and needs the user's consent.
  • A native application client on a mobile device or tablet wants to connect to a user's online account and needs the user's consent.
  • An enterprise application client wants to access a protected resource hosted by a business partner, customer, or SaaS provider.

(For information about OAuth and the role of an AS, see OAuth 2.0 and PingFederate AS.)

The PingFederate OAuth AS can be configured independently or in conjunction with STS and browser-based SSO for either an IdP or an SP deployment. For more information, see About OAuth.


OAuth AS capabilities may require additional licenses. For more information, please contact