This activity shows you how to define a custom resource and custom scope and add the custom scope as a claim in an access token.
The following operations are supported by the PingOne APIs:
Workflow order of operations
To add a custom claim to an access token, the following tasks must be completed successfully:
Make a POST
request to /environments/{{envID}}/applications
to add a new application to the specified environment.
Make a POST
request to /environments/{{envID}}/resources
to define a custom resource.
Make a POST
request to /environments/{{envID}}/resources/{{resourceID}}/scopes
to define a scope for the custom resource.
Make a POST
request to /environments/{{envID}}/resources/{{resourceID}}/attribute
to define a resource attribute mapping.
Make a POST
request to /environments/{{envID}}/applications/{{appID}}/grants
to create the access grant for the application.
Make a POST
request to /environments/{{envID}}/populations
to create a new population resource.
Make a POST
request to /environments/{{envID}}/users
to create a user who will be assigned to the new population resource.
Make a POST
request to /environments/{{envID}}/users/{{userID}}/password
to set the new user’s password.
Make a GET
request to /{{envID}}/as/authorize
to obtain an authorization grant. This request starts the authorization and authentication flow.
To initiate the authentication flow, make a GET
request to /{{envID}}/flows/{{flowID}}
.
To complete the authentication flow, make a POST
request to /{{envID}}/flows/{{flowID}}
and provide the user’s login credentials.
Make a GET
request to /{{envID}}/as/resume?flowId={{flowID}}
to call the resume endpoint and return the token.
Click the Run in Postman button below to download the Postman collection for this use case.