Creating a native app - PingOne - PingOne Cloud Platform

PingOne Cloud Platform

PingOne Cloud Platform
PingOne Cloud Platform

In this example, you'll configure a full flow, accessing and authenticating an OpenID Connect (OIDC)mobile app.

Page created: 4 Nov 2022 |
Page updated: 10 May 2023

Creating a native app using the admin console

Page created: 4 Nov 2022 |
Page updated: 9 Jan 2023
| 1 min read

PingOne Cloud Platform PingOne Product
  1. Go to Connections > Applications.
  2. Click the + icon.

    The Add Application panel opens.

  3. Enter an appropriate Application Name and a Description.

    For example, Getting Started Native App.

  4. In the Choose Application type section, click Native.
  5. Click Save.

    The details panel opens. Applications are granted OAuth scopes so that they can access PingOne platform resources.

  6. On the Configuration tab, click the Pencil icon.
  7. In the Redirect URIs field, enter your mobile application's redirect URL.

    For example,http://localhost.

  8. Click Save.
  9. To grant access to your application, go to the Access tab and click the Pencil icon.
  10. Click + to select the appropriate groups.
  11. Click Save.
  12. On the Resources tab, click the Pencil icon.
  13. In the Search Scopes field, enterprofile.

    This filters the list of resource types, so that only the OpenID profile scope remains visible in the scopes selection list.

  14. On the Profile Scope tab, click the + icon or drag it to the Allowed Scope column.
  15. Click Save.
  16. To map your PingOne user-defined attributes to your corresponding application attributes, on the Attribute Mappings tab, click the Pencil icon.
  17. Click + Add and complete the Attributes and corresponding PingOne Mappings fields.
  18. Click Save.
  19. At the top right of the web application's profile, click the toggle to enable it.

    Your new native app appears on the Applications page.

Applying the MFA-only policy

Creating a native app using the API

Page created: 4 Nov 2022 |
Page updated: 9 Jan 2023
| 1 min read

PingOne Cloud Platform PingOne Product

Application developers can use the API operations to create a native app.

  • Use the access token generated through the worker app and the following POST operation:
        "enabled": true,
        "name": "NativeApp",
        "description": "Mobile App",
        "type": "NATIVE_APP",
        "protocol": "OPENID_CONNECT",
        "grantTypes": [
        "redirectUris": [
        "responseTypes": [
        "tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC"
  • To grant access to the web app and at least one scope in the system, you first must get the resource and scope IDs by using the following GET operation:

    For details see GET: Step 3: Get the list of resources and GET: Step 4: Get all scopes in the API reference.

  • To create grants, use the following POST operation:

    For details, see POST: Step 5: Create the application’s resource access grant in the API reference.

  • To create push credentials, use the corresponding POST operation for your mobile operating system:
    • For an Android app:
        "type": "FCM",
        "key": "{{fcmServerKey}}"
    • For an iOS app:
        "type": "APNS",
        "key": "{{appleKey}}",
        "teamId": "{{appleTeamId}}",
        "token": "-----BEGIN PRIVATE KEY-----\n{{appleToken}}\n-----END PRIVATE KEY-----"

Apply the MFA-only policy