PingFederate can act as an OAuth authorization server (AS), allowing a resource owner to grant authorization to a client requesting access to resources protected by a resource server (RS).
The OAuth AS issues tokens to clients on behalf of a resource for use in authenticating a subsequent API call—typically, but not exclusively a REST API. The PingFederate OAuth AS issues tokens to clients in several different scenarios, including:
- A web application wants access to a protected resource associated with a user and needs the user's consent.
- A native application client on a mobile device or tablet wants to connect to a user's online account and needs the user's consent.
- An enterprise application client wants to access a protected resource hosted by a business partner, customer, or software as a service (SaaS) provider.
For information about OAuth and the role of an AS, see OAuth 2.0 and PingFederate AS.
You can configure the PingFederate OAuth AS independently or in conjunction with security token service (STS) and browser-based single sign-on (SSO) for either an identity provider (IdP) or a service provider (SP) deployment. For more information, see About OAuth.