Qodex.ai

Configure an Application with a Refresh Token Grant

Number of APIs: 10

This activity shows you how to create an application, configure its connection settings, create a resource access grant, and initiate an authorization request.

The following operations are supported by the PingOne APIs:

  • Create an application
  • Create a resource access grant
  • Initiate an authorization_code authorization flow
  • Update a user attribute

Prerequisites

  • Get an access token from the worker application you created in Getting Started with the PingOne APIs. If you prefer to get a token from a different worker application in an alternate sandbox environment, run the token request endpoint using the client ID and client secret of your chosen worker app to authenticate the request. See GET a Worker Application Access Token.

Workflow order of operations

To configure an application and initiate an authorization code flow, the following tasks must be completed successfully:

  1. Make a POST request to /environments/{{envID}}/applications to add a new application to the specified environment.

  2. Make a GET request to /environments/{{envID}}/applications/{{appID}}/secret to return the new application's secret attribute.

  3. Make a POST request to /environments/{{envID}}/populations to create a new population resource.

  4. Make a POST request to /environments/{{envID}}/users to create a user who will be associated with the new population resource.

  5. Make a PUT request to /environments/{{envID}}/users/{{userID}}/password to set the new user's password.

  6. Make a GET request to /{{envID}}/as/authorize to obtain an authorization grant. This request starts the authorization flow.

  7. To initiate the authentication flow, make a GET request to GET /{{envID}}/flows/{{flowID}}.

  8. To complete the authentication flow, make a POST request to GET /{{envID}}/flows/{{flowID}} and provide the user's login credentials.

  9. Make a GET request to /{{envID}}/as/resume?flowId={{flowID}} to call the resume endpoint and return the token.

  10. After the authorization flow completes and returns an auth code, make a POST request to /{{envID}}/as/token to exchange the auth code for an access token and return the refresh token.

  1. Step 1: Create an application POST {{apiPath}}/environments/{{envID}}/applications

  2. Step 3: Create a population POST {{apiPath}}/environments/{{envID}}/populations

  3. Step 2: Get the application secret GET {{apiPath}}/environments/{{envID}}/applications/{{AppWithRefreshGrantID}}/secret

  4. Step 4: Create user POST {{apiPath}}/environments/{{envID}}/users

  5. Step 5: Set user password PUT {{apiPath}}/environments/{{envID}}/users/{{appUserID}}/password

  6. Step 10: Generate the access token POST {{authPath}}/{{envID}}/as/token

  7. Step 6: Send an authorize request GET {{authPath}}/{{envID}}/as/authorize?response_type=code&client_id={{AppWithRefreshGrantID}}&redirect_uri=https://www.example.com&scope=openid

  8. Step 7: Get the flow GET {{authPath}}/{{envID}}/flows/{{flowID}}

  9. Step 8: Submit login credentials POST {{authPath}}/{{envID}}/flows/{{flowID}}

  10. Step 9: Call the resume endpoint GET {{authPath}}/{{envID}}/as/resume?flowId={{flowID}}