PingOne supports the following grant types:

Authorization code
This grant type is used by web applications. The authorization request generates an authorization code that is exchanged for an access token. An authorization code expires after 10 minutes.
This grant type is intended for use by mobile applications or client-side web applications with no server-side component. The implicit grant type is for applications that cannot guarantee the confidentiality of the client secret.
Client credentials
This grant type is made directly to the token endpoint and is used to request an access token for either:
  • Resources owned by the application rather than a user.
  • Resources belonging to multiple end users.
Refresh token
This grant type is used by applications to exchange a refresh token for an expired access token. It gives applications the ability to acquire a valid access token without additional user interaction. To obtain a refresh token along with an access token, the client must be configured with the refresh_token grant type and the authorization_code grant type.