Register OAuth 2.0 applications in PingFederate
OAuth 2.0 client application profiles define how applications connect to PingFederate and obtain OAuth 2.0 tokens.
-
To allow the Ping SDKs to connect to PingFederate and obtain OAuth 2.0 tokens, you must register an OAuth 2.0 client application:
-
Log in to the PingFederate administration console as an administrator.
-
Navigate to
. -
Click Add Client.
PingFederate displays the Clients | Client page.
-
In Client ID and Name, enter a name for the profile, for example
sdkPublicClient
Make a note of the Client ID value, you will need it when you configure the sample code.
-
In Client Authentication, select
None
. -
In Redirect URIs, add the following values:
https://localhost:8443
org.forgerock.demo://oauth2redirect
Also add any other URLs where you host SDK applications.
Failure to add redirect URLs that exactly match your client app’s values can cause PingFederate to display an error message such as `Redirect URI mismatch ` when attempting to end a session by redirecting from the SDK.
-
In Allowed Grant Types, select the following values:
Authorization Code
Refresh Token
-
In the OpenID Connect section:
-
In Logout Mode, select Ping Front-Channel
-
In Front-Channel Logout URIs, add the following values:
org.forgerock.demo://oauth2redirect
https://localhost:8443/callback.html
Also add any other URLs that redirect users to PingFederate to end their session.
Failure to add sign off URLs that exactly match your client app’s values can cause PingFederate to display an error message such as
invalid post logout redirect URI
when attempting to end a session by redirecting from the SDK. -
In Post-Logout Redirect URIs, add the following values:
org.forgerock.demo://oauth2redirect
https://localhost:8443/callback.html
-
-
Click Save.
After changing PingFederate configuration using the administration console, you must replicate the changes to each server node in the cluster before they take effect.
In the PingFederate administration console, navigate to System > Server > Cluster Management, and click Replicate.
The application is now configured to accept client connections from and issue OAuth 2.0 tokens to the Ping SDK PingFederate example applications and tutorials covered by this documentation.
-
Next steps
You can now configure the Ping SDKs to connect to PingFederate and obtain OAuth 2.0 access tokens:
More information
For more information on applications in PingFederate, refer to Managing OAuth clients.