Dynamic client registration allows developers to register OAuth clients through an API based on open standards.
PingFederate supports various client metadata as described in Supported client metadata. If specific use cases require additional metadata, add them as extended properties in .
As dynamic client registration can expose your server to unwanted client registrations, we recommend protecting PingFederate by requiring an initial access token, configuring one or more client registration policies, and protecting access to the dynamic client registration endpoint.
Dynamic client registration requires OAuth client storage in an external datastore, such as a database or LDAP directory. If you have not yet switched from the default on-disk client storage to an external datastore, see OAuth client datastores. You can continue with the rest of the configuration; however, dynamic client registration remains inactive until external client storage is defined.
When dynamic client registration is active, developers can send client registrations to the /as/clients.oauth2 endpoint to create OAuth clients dynamically.
Other maintenance calls can be made to the registration_client_uri returned in the original registration response. This endpoint has the format /as/clients.oauth2/<clientId>.
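The following Python sketch is an added example, not PingFederate code. It builds a registration request for the /as/clients.oauth2 endpoint and checks that the registration_client_uri in the response has the documented format on the same HTTPS origin before any maintenance call is sent there. It assumes the initial access token is sent as a Bearer token and that the response carries client_id and registration_access_token, as in RFC 7591 and RFC 7592; the host name, token values, and client metadata are constructed.

```python
import json
import urllib.request
from urllib.parse import quote, urlsplit

REGISTRATION_PATH = "/as/clients.oauth2"  # endpoint path given on this page

# Constructed sample values (assumptions, not taken from a real deployment).
BASE_URL = "https://sso.example.com:9031"
SAMPLE_METADATA = {
    "client_name": "Sample App",
    "redirect_uris": ["https://app.example.com/callback"],
    "grant_types": ["authorization_code"],
}
SAMPLE_RESPONSE = {
    "client_id": "dcr-7f3a",
    "registration_access_token": "constructed-rat",
    "registration_client_uri": BASE_URL + REGISTRATION_PATH + "/dcr-7f3a",
}

def build_registration_request(base_url, initial_access_token, metadata):
    """Build (but do not send) the registration POST with the initial access token."""
    if urlsplit(base_url).scheme != "https":
        raise ValueError("registration must go over HTTPS")
    return urllib.request.Request(
        base_url.rstrip("/") + REGISTRATION_PATH,
        data=json.dumps(metadata).encode("utf-8"),
        method="POST",
        headers={
            "Content-Type": "application/json",
            "Authorization": "Bearer " + initial_access_token,
        },
    )

def management_uri_is_expected(base_url, response):
    """True only if registration_client_uri is <base>/as/clients.oauth2/<clientId>.

    The registration access token is later sent to this URI, so a URI on
    another host, over plain HTTP, or with another path is rejected.
    """
    base = urlsplit(base_url)
    uri = urlsplit(response.get("registration_client_uri", ""))
    client_id = response.get("client_id", "")
    expected_path = REGISTRATION_PATH + "/" + quote(client_id, safe="")
    return (
        bool(client_id)
        and uri.scheme == "https"
        and uri.netloc == base.netloc
        and uri.path == expected_path
        and not uri.query
    )
```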