The supported OAuth endpoints include:

  • /as/token.oauth2
  • /as/revoke_token.oauth2
  • /idp/userinfo.openid
  • /pf-ws/rest/oauth/grants/
  • /pf/JWKS
  • /.well-known/openid-configuration
  • /as/bc-auth.ciba

As needed, administrators can add or remove allowed origins using the administrative console on the Authentication Application page. For instructions on how to add and remove allowed origins, see Configuring authentication applications.

Once configured, client-side web applications from the trusted origins are allowed to make requests to the PingFederate authorization server for the purpose of accessing protected resources, such as obtaining or renewing access tokens with refresh tokens, presenting access tokens for revocation, querying additional claims (user attributes), and retrieving OpenID Provider configuration information and JSON Web Key Sets.