In the first stage of the OAuth attribute mapping process, PingFederate maps attributes to persistent grant contracts.
- authentication policy contracts
- authentication sources, such as IdP adapter instances and IdP connections
- password credential validator instances for resource owner credentials
These windows also let you configure issuance criteria to control whether PingFederate fulfills the contract.
Persistent grants, and any associated attributes and their values, remain valid until the grants expire or until PingFederate explicitly revokes them or cleans them up.
For more information about the OAuth attribute mapping process, see Mapping OAuth attributes