This activity shows you how to define a custom resource and custom scope and add the custom scope as a claim in an access token.

The following operations are supported by the PingOne APIs:

Workflow order of operations

To add a custom claim to an access token, the following tasks must be completed successfully:

  1. Make a POST request to /environments/{environmentId}/applications to add a new application to the specified environment.

  2. Make a POST request to /environments/{environmentId}/resources to define a custom resource.

  3. Make a POST request to /environments/{environmentId}/resources/{resourceId}/scopes to define a scope for the custom resource.

  4. Make a POST request to /environments/{environmentId}/resources/{resourceId}/attribute to define a resource attribute mapping.

  5. Make a POST request to /environments/{environmentId}/applications/{applicationId}/grants to create the access grant for the application.

  6. Make a POST request to /environments/{id}/populations to create a new population resource.

  7. Make a POST request to /environments/{id}/users to create a user who will be assigned to the new population resource.

  8. Make a POST request to /environments/{id}/users/{userId}/password to set the new user’s password.

  9. Make a GET request to /{environmentId}/as/authorize to obtain an authorization grant. This request starts the authorization and authentication flow.

  10. To initiate the authentication flow, make a GET request to /{environmentId}/flows/{flowID}.

  11. To complete the authentication flow, make a POST request to /{environmentId}/flows/{flowID} and provide the user’s login credentials.

  12. Make a GET request to /{environmentId}/as/resume?flowId={flowID} to call the resume endpoint and return the token.

Click the Run in Postman button below to download the Postman collection for this use case.

Run in Postman