PingOne for Enterprise supports the following authorization grant types for OpenID Connect (OIDC) applications.
| Grant Type | Application Availability | Description |
|---|---|---|
Authorization Code |
|
PingOne for Enterprise issues the application an authorization code in the response to the application's authorization request. The application then exchanges the authorization code with the PingOne for Enterprise token endpoint for an access token and ID token for the application. |
Refresh Token |
|
Refresh tokens are available only when you're using the Authorization Code grant type. In this case, PingOne for Enterprise automatically exchanges a refresh token for a new access token if the access token expires. When you enable this grant type, the Refresh Token settings section displays. |
Authorization Code with PKCE |
|
Instead of using a client secret, Proof Key for Code Exchange (PKCE) embeds a code verifier that's transformed by the application and returned to PingOne for Enterprise in the authorization request. PingOne for Enterprise then issues the application an authorization code in the response. The application then exchanges the authorization code with the PingOne for Enterprise token endpoint for an access token and ID token for the application. For more information, see OAuth 2.0 RFC 7636 . |
Implicit |
|
PingOne for Enterprise issues the application
an access token, ID token or both in the response to the
application's authorization request, depending on the
|
Authorization Code and Implicit |
|
This is a hybrid grant type. Depending on the
|