You configure PingFederate to use attributes from the following sources:
  • authentication policy contracts
  • authentication sources, such as IdP adapter instances and IdP connections
  • password credential validator instances for resource owner credentials
Depending on the attribute source, use one of the following PingFederate windows to configure the grant contract mapping:
  • Authentication > OAuth > Policy Contract Grant Mapping
  • Authentication > OAuth > IdP Adapter Grant Mapping
  • Authentication > OAuth > Resource Owner Credentials Grant Mapping

These windows also let you configure issuance criteria to control whether PingFederate fulfills the contract.

Persistent grants, and any associated attributes and their values, remain valid until the grants expire or until PingFederate explicitly revokes them or cleans them up.

For more information about the OAuth attribute mapping process, see Mapping OAuth attributes