Use the GET /oauth/authServerSettings endpoint to retrieve the authorization server settings.

Status codes

Code Reason
200 Success.
403 PingFederate does not have its OAuth 2.0 authorization server role enabled. Operation not available.

AuthorizationServerSettings - Authorization Server Settings attributes.

Property Type Description
adminWebServicePcvRef ResourceLink The password credential validator reference that is used for authenticating access to the OAuth Administrative Web Service.
allowUnidentifiedClientExtensionGrants boolean Allow unidentified clients to request extension grants. The default value is false.
allowUnidentifiedClientROCreds boolean Allow unidentified clients to request resource owner password credentials grants. The default value is false.
allowedOrigins array[string] The list of allowed origins.
approvedScopesAttribute string Attribute from the external consent adapter’s contract, intended for storing approved scopes returned by the external consent page.
atmIdForOAuthGrantManagement string The ID of the Access Token Manager used for OAuth enabled grant management.
authorizationCodeEntropy * integer The authorization code entropy, in bytes.
authorizationCodeTimeout * integer The authorization code timeout, in seconds.
bypassActivationCodeConfirmation * boolean Indicates if the Activation Code Confirmation page should be bypassed if ‘verification_url_complete’ is used by the end user to authorize a device.
bypassAuthorizationForApprovedGrants boolean Bypass authorization for previously approved persistent grants. The default value is false.
defaultScopeDescription * string The default scope description.
devicePollingInterval * integer The amount of time client should wait between polling requests, in seconds.
exclusiveScopeGroups array[ScopeGroupEntry] The list of exclusive scope groups.
exclusiveScopes array[ScopeEntry] The list of exclusive scopes.
pendingAuthorizationTimeout * integer The ‘device_code’ and ‘user_code’ timeout, in seconds.
persistentGrantContract PersistentGrantContract The persistent grant contract defines attributes that are associated with OAuth persistent grants.
persistentGrantIdleTimeout integer The persistent grant idle timeout.
persistentGrantIdleTimeoutTimeUnit PersistentGrantLifetimeUnit The persistent grant idle timeout time unit.
persistentGrantLifetime integer The persistent grant lifetime. The default value is indefinite.
persistentGrantLifetimeUnit PersistentGrantLifetimeUnit The persistent grant lifetime unit.
persistentGrantReuseGrantTypes Set[GrantType] The grant types that the OAuth AS can reuse rather than creating a new grant for each request.
refreshRollingInterval * integer The minimum interval to roll refresh tokens, in hours.
refreshTokenLength * integer The refresh token length in number of characters.
registeredAuthorizationPath * string The Registered Authorization Path is concatenated to PingFederate base URL to generate ‘verification_url’ and ‘verification_url_complete’ values in a Device Authorization request. PingFederate listens to this path if specified
rollRefreshTokenValues boolean The roll refresh token values default policy. The default value is true.
scopeForOAuthGrantManagement string The OAuth scope to validate when accessing grant management service.
scopeGroups array[ScopeGroupEntry] The list of common scope groups.
scopes array[ScopeEntry] The list of common scopes.
tokenEndpointBaseUrl string The token endpoint base URL used to validate the ‘aud’ claim during Private Key JWT Client Authentication.
trackUserSessionsForLogout boolean Determines whether user sessions are tracked for logout. If this property is not provided on a PUT, the setting is left unchanged.
userAuthorizationConsentAdapter string Adapter ID of the external consent adapter to be used for the consent page user interface.
userAuthorizationConsentPageSetting UserAuthorizationConsentPageSetting User Authorization Consent Page setting to use PingFederate’s internal consent page or an external system
userAuthorizationUrl string The URL used to generate ‘verification_url’ and ‘verification_url_complete’ values in a Device Authorization request

ScopeEntry - A scope name and its description.

Property Type Description
description * string The description of the scope that appears when the user is prompted for authorization.
dynamic boolean True if the scope is dynamic. (Defaults to false)
name * string The name of the scope.

ScopeGroupEntry - A scope group name and its description.

Property Type Description
description * string The description of the scope group.
name * string The name of the scope group.
scopes * array[string] The set of scopes for this scope group.


Property Type Description
coreAttributes * array[PersistentGrantAttribute] This is a read-only list of persistent grant attributes and includes USER_KEY and USER_NAME. Changes to this field will be ignored.
extendedAttributes array[PersistentGrantAttribute] A list of additional attributes for the persistent grant contract.

PersistentGrantAttribute - A persistent grant contract attribute.

Property Type Description
name * string The name of this attribute.

ResourceLink - A reference to a resource.

Property Type Description
id * string The ID of the resource.
location string A read-only URL that references the resource. If the resource is not currently URL-accessible, this property will be null.