Qodex.ai

Add a Custom Claim to an Access Token

Number of APIs: 12

This activity shows you how to define a custom resource and custom scope and add the custom scope as a claim in an access token.

The following operations are supported by the PingOne APIs:

  • Create an application
  • Create a custom resouce and scope
  • Create a resource attribute mapping
  • Initiate authorization and complete the authentication flow
  • Verify the custom claim in the access token

Prerequisites

Get an access token from the worker application that you created in Getting Started with the PingOne APIs. To get a token from a different worker application in an alternate sandbox environment, run the token request endpoint using the client ID and client secret of your chosen worker app to authenticate the request. For more information, see GET a Worker Application Access Token.

Workflow order of operations

To add a custom claim to an access token, the following tasks must be completed successfully:

  1. Make a POST request to /environments/{{envID}}/applications to add a new application to the specified environment.

  2. Make a POST request to /environments/{{envID}}/resources to define a custom resource.

  3. Make a POST request to /environments/{{envID}}/resources/{{resourceID}}/scopes to define a scope for the custom resource.

  4. Make a POST request to /environments/{{envID}}/resources/{{resourceID}}/attribute to define a resource attribute mapping.

  5. Make a POST request to /environments/{{envID}}/applications/{{appID}}/grants to create the access grant for the application.

  6. Make a POST request to /environments/{{envID}}/populations to create a new population resource.

  7. Make a POST request to /environments/{{envID}}/users to create a user who will be assigned to the new population resource.

  8. Make a POST request to /environments/{{envID}}/users/{{userID}}/password to set the new user's password.

  9. Make a GET request to /{{envID}}/as/authorize to obtain an authorization grant. This request starts the authorization and authentication flow.

  10. To initiate the authentication flow, make a GET request to /{{envID}}/flows/{{flowID}}.

  11. To complete the authentication flow, make a POST request to /{{envID}}/flows/{{flowID}} and provide the user's login credentials.

  12. Make a GET request to /{{envID}}/as/resume?flowId={{flowID}} to call the resume endpoint and return the token.

  1. Step 1: Create a single-page application POST {{apiPath}}/environments/{{envID}}/applications

  2. Step 2: Create a custom resource POST {{apiPath}}/environments/{{envID}}/resources

  3. Step 3: Create a custom scope POST {{apiPath}}/environments/{{envID}}/resources/{{customResourceID}}/scopes

  4. Step 11: Submit Login Credentials POST {{authPath}}/{{envID}}/flows/{{flowID}}

  5. Step 12: Call the resume endpoint GET {{authPath}}/{{envID}}/as/resume?flowId={{flowID}}

  6. Step 4: Create a resource attribute mapping POST {{apiPath}}/environments/{{envID}}/resources/{{customResourceID}}/attributes

  7. Step 5: Create the application's resource access grant POST {{apiPath}}/environments/{{envID}}/applications/{{CustomResourceAppID}}/grants

  8. Step 6: Create a population POST {{apiPath}}/environments/{{envID}}/populations

  9. Step 7: Create user POST {{apiPath}}/environments/{{envID}}/users

  10. Step 8: Set user password PUT {{apiPath}}/environments/{{envID}}/users/{{appUserID}}/password