OAuth clients interact with an authorization server (AS) to obtain access tokens and optionally refresh tokens to access protected resources on resource servers.
PingFederate provides administrators the flexibility to manage OAuth clients using the following interfaces:
- The administrative console
- The administrative API
- The OAuth Client Management Service
Additionally, PingFederate supports dynamic client registration based on the OAuth 2.0 Dynamic Client Registration Protocol specification.
Storing client records in XML files by default allows administrators to manage clients using the administrative console and the administrative API. It also allows developers to submit client creation requests based on the Dynamic Client Registration protocol specification. The configuration archive contains client records.
Alternatively, because the OAuth Client Managment Service requires external storage of client records, PingFederate supports configuration to store client records externally on a database server, a directory server, or some other storage medium through the use of the PingFederate SDK. Under this configuration, the configuration archive does not include client records.