PingOne supports the following grant types:

Authorization code
This grant type is used by web applications. The authorization request generates an authorization code that is exchanged for an access token. An authorization code expires after 10 minutes.
This grant type is intended for use by mobile applications or client-side web applications with no server-side component. The implicit grant type is for applications that cannot guarantee the confidentiality of the client secret.
Client credentials
This grant type is made directly to the token endpoint and is used to request an access token for either:
  • Resources owned by the application rather than a user.
  • Resources belonging to multiple end users.
Device authorization
This grant type allows a user to grant authorization to the device client using a browser on a second device, such as a smartphone or computer. The device authorization grant type is typically used to access a protected resource through a device that lacks a browser or has limited user input capabilities, such as a smart TV or appliance.
Refresh token
This grant type is used by applications to exchange a refresh token for an expired access token. It gives applications the ability to acquire a valid access token without additional user interaction. To obtain a refresh token along with an access token, the client must be configured with the refresh_token grant type and either the authorization_code grant type or the device_authorization grant type.