In this example, you'll configure a full flow for accessing and authenticating an OpenID Connect (OIDC) mobile app.
Creating a native app using the admin console
- Go to Connections > Applications.
- Click the + icon.
  The Add Application panel opens.
- Enter an appropriate Application Name and a Description.
  For example, Getting Started Native App.
- In the Choose Application type section, click Native.
- Click Save.
  The details panel opens. Applications are granted OAuth scopes so that they can access PingOne platform resources.
- On the Configuration tab, click the Pencil icon.
- In the Redirect URIs field, enter your mobile application's redirect URL.
  For example, http://localhost.
- Click Save.
- To grant access to your application, go to the Access tab and click the Pencil icon.
- Click + to select the appropriate groups.
- Click Save.
- On the Resources tab, click the Pencil icon.
- In the Search Scopes field, enter profile.
  Note: This filters the list of resource types, so that only the OpenID profile scope remains visible in the scopes selection list.
- On the Profile Scope tab, click the + icon or drag it to the Allowed Scope column.
- Click Save.
- To map your PingOne user-defined attributes to your corresponding application attributes, on the Attribute Mappings tab, click the Pencil icon.
- Click + Add and complete the Attributes and corresponding PingOne Mappings fields.
- Click Save.
- At the top right of the web application's profile, click the toggle to enable it.
  Note: Your new native app appears on the Applications page.
Creating a native app using the API
Application developers can use the API operations to create a native app.
- Use the access token generated through the worker app and the following POST operation:
  POST https://api.pingone.com/v1/environments/{{envId}}/applications
  {
    "enabled": true,
    "name": "NativeApp",
    "description": "Mobile App",
    "type": "NATIVE_APP",
    "protocol": "OPENID_CONNECT",
    "grantTypes": [ "AUTHORIZATION_CODE" ],
    "redirectUris": [ "pingonesdk://sample" ],
    "responseTypes": [ "CODE" ],
    "tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC"
  }
- To grant access to the web app and at least one scope in the system, you must first get the resource and scope IDs by using the following GET operation:
  GET https://api.pingone.com/v1/environments/{{envId}}/resources?expand=scopes
  For details, see GET: Step 3: Get the list of resources and GET: Step 4: Get all scopes in the API reference.
- To create grants, use the following POST operation:
  POST https://api.pingone.com/v1/environments/{{envId}}/applications/{{webAppId}}/grants
  For details, see POST: Step 5: Create the application’s resource access grant in the API reference.
- To create push credentials, use the corresponding POST operation for your mobile operating system:
  - For an Android app:
    POST https://api.pingone.com/v1/environments/{{envId}}/applications/{{nativeAppId}}/pushCredentials
    {
      "type": "FCM",
      "key": "{{fcmServerKey}}"
    }
  - For an iOS app:
    POST https://api.pingone.com/v1/environments/{{envId}}/applications/{{nativeAppId}}/pushCredentials
    {
      "type": "APNS",
      "key": "{{appleKey}}",
      "teamId": "{{appleTeamId}}",
      "token": "-----BEGIN PRIVATE KEY-----\n{{appleToken}}\n-----END PRIVATE KEY-----"
    }
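The following pre-flight check is an added example, not part of the original page or PingOne's own code. It reviews the create-application request body from the first API step before it is sent. The rules are assumptions drawn from RFC 8252 (a client secret cannot stay confidential inside a distributed mobile binary; redirect URIs should be a custom scheme, HTTPS, or loopback HTTP), and the function name review_native_app and the IMPLICIT grant value do not come from this page.

```python
import json
from urllib.parse import urlsplit

LOOPBACK_HOSTS = {"localhost", "127.0.0.1", "::1"}

# Request body copied from the create-application step on this page.
PAGE_PAYLOAD = json.loads("""
{
  "enabled": true,
  "name": "NativeApp",
  "description": "Mobile App",
  "type": "NATIVE_APP",
  "protocol": "OPENID_CONNECT",
  "grantTypes": ["AUTHORIZATION_CODE"],
  "redirectUris": ["pingonesdk://sample"],
  "responseTypes": ["CODE"],
  "tokenEndpointAuthMethod": "CLIENT_SECRET_BASIC"
}
""")


def review_native_app(payload):
    """Return (field, message) findings for a NATIVE_APP request body."""
    findings = []
    if payload.get("type") != "NATIVE_APP":
        return findings
    # A secret shipped inside a mobile binary can be extracted, so a native
    # app is a public client in RFC 8252 terms (assumed rule, not the page's).
    method = str(payload.get("tokenEndpointAuthMethod") or "")
    if method.startswith("CLIENT_SECRET"):
        findings.append(("tokenEndpointAuthMethod",
                         f"{method}: the secret must not ship inside the app"))
    for uri in payload.get("redirectUris", []):
        parts = urlsplit(uri)
        if "*" in uri:
            findings.append(("redirectUris", f"{uri}: wildcard redirect"))
        elif parts.scheme == "http" and parts.hostname not in LOOPBACK_HOSTS:
            findings.append(("redirectUris", f"{uri}: cleartext non-loopback redirect"))
        elif not parts.scheme:
            findings.append(("redirectUris", f"{uri}: not an absolute URI"))
    # IMPLICIT is not on this page; it returns tokens in the redirect itself.
    if "IMPLICIT" in payload.get("grantTypes", []):
        findings.append(("grantTypes", "IMPLICIT: tokens are exposed in the redirect"))
    return findings


if __name__ == "__main__":
    for field, message in review_native_app(PAGE_PAYLOAD):
        print(f"{field}: {message}")
```

A finding on tokenEndpointAuthMethod is a prompt to confirm where the code-for-token exchange runs: if it runs on the device, the secret would have to be embedded in the app.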