To use the Session Management API, you’ll need an OAuth client enabled. For session revocation, the client must use authentication. In this example, you are using client secret, but you can choose TLS or private key JSON Web Token (JWT). For more information about configuring OAuth clients, see Configuring OAuth clients.

  1. In the PingFederate administrative console, go to Applications > OAuth > Clients.
  2. Click Add Client.
  3. For Client Authentication, select the Client Secret option.
  4. For Client Secret, select Change Secret, and then enter a secret or click Generate Secret.
    Screen capture showing the Client Authentication area with the Client Secret option selected.
  5. For Redirect URIs, in the Redirection URIs field, enter http://localhost, and click Add.
  6. For Bypass Authorization Approval, select the Bypass check box to bypass the approval page.
  7. For Allowed Grant Types, select the Implicit check box to use the implicit grant type.
    Screen capture showing the Redirect URIs area, and the Bypass Authorization Approval Bypass option and Allowed Grant Types Impact option selected.
  8. For Session API Endpoints, select the Allow Access to Session Revocation API and Allow Access to Session Management API check boxes.
    Screen capture showing the Sessions Endpoints API area in the Client window.
  9. Save your OAuth client configuration.