Use the PUT oauth/authServerSettings endpoint to update the authorization server settings.
Code | Reason |
---|---|
200 | Authorization Server Settings updated. |
400 | The request was improperly formatted or contained invalid fields. |
403 | PingFederate does not have its OAuth 2.0 authorization server role enabled. Operation not available. |
422 | Validation error(s) occurred. |
AuthorizationServerSettings
- Authorization Server Settings attributes.
Property | Type | Description |
---|---|---|
adminWebServicePcvRef | ResourceLink | The password credential validator reference that is used for authenticating access to the OAuth Administrative Web Service. |
allowUnidentifiedClientExtensionGrants | boolean | Allow unidentified clients to request extension grants. The default value is false. |
allowUnidentifiedClientROCreds | boolean | Allow unidentified clients to request resource owner password credentials grants. The default value is false. |
allowedOrigins | array[string] | The list of allowed origins. |
approvedScopesAttribute | string | Attribute from the external consent adapter’s contract, intended for storing approved scopes returned by the external consent page. |
atmIdForOAuthGrantManagement | string | The ID of the Access Token Manager used for OAuth enabled grant management. |
authorizationCodeEntropy * | integer | The authorization code entropy, in bytes. |
authorizationCodeTimeout * | integer | The authorization code timeout, in seconds. |
bypassActivationCodeConfirmation * | boolean | Indicates if the Activation Code Confirmation page should be bypassed if ‘verification_url_complete’ is used by the end user to authorize a device. |
bypassAuthorizationForApprovedGrants | boolean | Bypass authorization for previously approved persistent grants. The default value is false. |
defaultScopeDescription * | string | The default scope description. |
devicePollingInterval * | integer | The amount of time the client should wait between polling requests, in seconds. |
exclusiveScopeGroups | array[ScopeGroupEntry] | The list of exclusive scope groups. |
exclusiveScopes | array[ScopeEntry] | The list of exclusive scopes. |
pendingAuthorizationTimeout * | integer | The ‘device_code’ and ‘user_code’ timeout, in seconds. |
persistentGrantContract | PersistentGrantContract | The persistent grant contract defines attributes that are associated with OAuth persistent grants. |
persistentGrantIdleTimeout | integer | The persistent grant idle timeout. |
persistentGrantIdleTimeoutTimeUnit | PersistentGrantLifetimeUnit | The persistent grant idle timeout time unit. |
persistentGrantLifetime | integer | The persistent grant lifetime. The default value is indefinite. |
persistentGrantLifetimeUnit | PersistentGrantLifetimeUnit | The persistent grant lifetime unit. |
persistentGrantReuseGrantTypes | Set[GrantType] | The grant types that the OAuth AS can reuse rather than creating a new grant for each request. |
refreshRollingInterval * | integer | The minimum interval to roll refresh tokens, in hours. |
refreshTokenLength * | integer | The refresh token length in number of characters. |
registeredAuthorizationPath * | string | The Registered Authorization Path is concatenated to the PingFederate base URL to generate ‘verification_url’ and ‘verification_url_complete’ values in a Device Authorization request. PingFederate listens to this path if specified. |
rollRefreshTokenValues | boolean | The roll refresh token values default policy. The default value is true. |
scopeForOAuthGrantManagement | string | The OAuth scope to validate when accessing grant management service. |
scopeGroups | array[ScopeGroupEntry] | The list of common scope groups. |
scopes | array[ScopeEntry] | The list of common scopes. |
tokenEndpointBaseUrl | string | The token endpoint base URL used to validate the ‘aud’ claim during Private Key JWT Client Authentication. |
trackUserSessionsForLogout | boolean | Determines whether user sessions are tracked for logout. If this property is not provided on a PUT, the setting is left unchanged. |
userAuthorizationConsentAdapter | string | Adapter ID of the external consent adapter to be used for the consent page user interface. |
userAuthorizationConsentPageSetting | UserAuthorizationConsentPageSetting | User Authorization Consent Page setting to use PingFederate’s internal consent page or an external system. |
userAuthorizationUrl | string | The URL used to generate ‘verification_url’ and ‘verification_url_complete’ values in a Device Authorization request. |
ScopeEntry
- A scope name and its description.
Property | Type | Description |
---|---|---|
description * | string | The description of the scope that appears when the user is prompted for authorization. |
dynamic | boolean | True if the scope is dynamic. (Defaults to false) |
name * | string | The name of the scope. |
ScopeGroupEntry
- A scope group name and its description.
Property | Type | Description |
---|---|---|
description * | string | The description of the scope group. |
name * | string | The name of the scope group. |
scopes * | array[string] | The set of scopes for this scope group. |
PersistentGrantContract
Property | Type | Description |
---|---|---|
coreAttributes * | array[PersistentGrantAttribute] | This is a read-only list of persistent grant attributes and includes USER_KEY and USER_NAME. Changes to this field will be ignored. |
extendedAttributes | array[PersistentGrantAttribute] | A list of additional attributes for the persistent grant contract. |
PersistentGrantAttribute
- A persistent grant contract attribute.
Property | Type | Description |
---|---|---|
name * | string | The name of this attribute. |
ResourceLink
- A reference to a resource.
Property | Type | Description |
---|---|---|
id * | string | The ID of the resource. |
location | string | A read-only URL that references the resource. If the resource is not currently URL-accessible, this property will be null. |
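A pre-flight review of a request body for this endpoint, checking it against the property tables above before it is sent. This is an added example, not code from the product or its documentation. It assumes that properties marked `*` are required, the origin check is a local review policy rather than a product rule, and the function name and sample values are constructed for illustration.

```python
# Added example: pre-flight review of an AuthorizationServerSettings PUT body.
REQUIRED = {  # assumption: properties marked "*" in the tables are required
    "authorizationCodeEntropy", "authorizationCodeTimeout",
    "bypassActivationCodeConfirmation", "defaultScopeDescription",
    "devicePollingInterval", "pendingAuthorizationTimeout",
    "refreshRollingInterval", "refreshTokenLength", "registeredAuthorizationPath",
}
# Booleans and the default value the property table documents for each.
DOCUMENTED_DEFAULTS = {
    "allowUnidentifiedClientExtensionGrants": False,
    "allowUnidentifiedClientROCreds": False,
    "bypassAuthorizationForApprovedGrants": False,
    "rollRefreshTokenValues": True,
}

def review_settings(body):
    """Return (severity, message) findings for a settings body (a dict)."""
    out = []
    for prop in sorted(REQUIRED - set(body)):
        out.append(("error", f"missing required property {prop}"))
    for prop, default in DOCUMENTED_DEFAULTS.items():
        if prop in body and body[prop] != default:
            out.append(("warn", f"{prop}={body[prop]} differs from default {default}"))
    for origin in body.get("allowedOrigins", []):
        # Local review policy (an assumption, not a product rule).
        if not origin.startswith("https://") or "*" in origin:
            out.append(("warn", f"review allowedOrigins entry {origin}"))
    if "persistentGrantLifetime" not in body:
        out.append(("warn", "persistentGrantLifetime not set; default is indefinite"))
    for key in ("scopes", "exclusiveScopes"):
        for i, scope in enumerate(body.get(key, [])):
            for prop in ("name", "description"):  # both marked "*" in ScopeEntry
                if not scope.get(prop):
                    out.append(("error", f"{key}[{i}] missing {prop}"))
    return out

SAMPLE = {  # constructed sample body, not from a real deployment
    "authorizationCodeEntropy": 30, "authorizationCodeTimeout": 60,
    "defaultScopeDescription": "Default access", "devicePollingInterval": 5,
    "pendingAuthorizationTimeout": 600, "refreshRollingInterval": 0,
    "refreshTokenLength": 42, "registeredAuthorizationPath": "",
    "allowUnidentifiedClientROCreds": True, "rollRefreshTokenValues": False,
    "allowedOrigins": ["https://app.example.com", "http://*.example.com"],
    "scopes": [{"name": "profile"}],
}

if __name__ == "__main__":
    print(*review_settings(SAMPLE), sep="\n")
```

Findings with severity `error` correspond to bodies that omit a property marked `*`; `warn` findings are settings that move away from the documented defaults and deserve a second look in change review.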