The PingOne platform includes two
API, which is a defined resource that represents the PingOne APIs, and
Connect, which represents OIDC scopes.
You can use PingOne to define custom resources and their associated scopes. Custom resources can be associated with an application either exclusively or in addition to the platform’s predefined resources.
When an application is associated with both the PingOne resource and a custom resource, an authorization request cannot include scopes from both PingOne and the custom resource.
For more information about getting unique access tokens for each API resource, see OAuth access token usage strategies for multiple resources.
OIDC scopes are used by an application during authentication to authorize access to user details, like name and email address. Scopes are a collection of claims. Each scope returns a set of user attributes, called claims.
Changes made to the Open ID resource will define the global configuration, which are inherited by applications. Applications can override the inherited global attributes with custom attributes. See Customizing OIDC attributes for an application.