This activity shows you how to define a custom resource and custom scope and add the custom scope as a claim in an access token.

The following operations are supported by the PingOne APIs:

• Create an application
• Create a custom resouce and scope
• Create a resource attribute mapping
• Initiate authorization and complete the authentication flow
• Verify the custom claim in the access token

Workflow order of operations

To add a custom claim to an access token, the following tasks must be completed successfully:

1. Make a POST request to /environments/{{envID}}/applications to add a new application to the specified environment.

2. Make a POST request to /environments/{{envID}}/resources to define a custom resource.

3. Make a POST request to /environments/{{envID}}/resources/{{resourceID}}/scopes to define a scope for the custom resource.

4. Make a POST request to /environments/{{envID}}/resources/{{resourceID}}/attribute to define a resource attribute mapping.

5. Make a POST request to /environments/{{envID}}/applications/{{appID}}/grants to create the access grant for the application.

6. Make a POST request to /environments/{{envID}}/populations to create a new population resource.

7. Make a POST request to /environments/{{envID}}/users to create a user who will be assigned to the new population resource.

8. Make a POST request to /environments/{{envID}}/users/{{userID}}/password to set the new user’s password.

9. Make a GET request to /{{envID}}/as/authorize to obtain an authorization grant. This request starts the authorization and authentication flow.

10. To initiate the authentication flow, make a GET request to /{{envID}}/flows/{{flowID}}.

11. To complete the authentication flow, make a POST request to /{{envID}}/flows/{{flowID}} and provide the user’s login credentials.

12. Make a GET request to /{{envID}}/as/resume?flowId={{flowID}} to call the resume endpoint and return the token.

Click the Run in Postman button below to download the Postman collection for this use case.