Application resources define the connection between PingOne and the actual application (also known as a client connection). PingOne supports several application types. When you make a request to define a new application, you must specify the type property that specifies one of the following application types:

The type of application specified determines several key properties, including the resource grant type that can be applied to the application. For example, the following table shows the relationships between the application type attribute and the default grantTypes, response_type, and tokenEndpointAuthMethod attributes.

Application type Grant type Response type Token endpoint authentication method
Worker/Non-interactive CLIENT_CREDENTIALS TOKEN CLIENT_SECRET_BASIC
Native AUTHORIZATION_CODE, IMPLICIT TOKEN, ID_TOKEN, CODE NONE
Web AUTHORIZATION_CODE CODE CLIENT_SECRET_BASIC
Single-page IMPLICIT TOKEN, ID_TOKEN NONE

Managing applications

The base endpoint, /environment/{environmentID}/applications, provides endpoint operations to create, read, update, and delete OIDC and SAML application connections. There are POST request examples to show the required properties to create each type of application connection. For more information, see Application Operations.

The secret endpoint, /environments/{environmentId}/applications/{applicationId}/secret, provides endpoint operations to read and update the application’s secret, if the requesting actor has a superset of the application’s role assignments. For more information, see Application Secret.

Applications support the following additional configuration properties:

Application resource grants

The application resource grants endpoint, /environments/{environmentId}/applications/{applicationId}/grants, provides endpoint operations to create, read, update, and delete the resource grant associated with the application connection. For more information, see Application Resource Grants.

Application sign-on policy assignments

The application sign-on policy assignments endpoint, /environments/{environmentId}/applications/{applicationId}/signOnPolicyAssignments, provides endpoint operations to create, read, update, and delete the sign-on policies associated with the application connection. For more information, see Application Sign-On Policy Assignments.

Application role assignments

The application role assignments endpoint, /environments/{environmentId}/applications/{applicationId}/roleAssignments, provides endpoint operations to create, read, update, and delete the role assignments associated with the application connection. For more information, see Application Role Assignments.

Application attribute mapping

The application attribute mapping endpoint, /environments/{environmentId}/applications/{applicationId}/roleAssignments, lets you customize the content of an ID token or a SAML assertion by adding custom attributes and their values. For more information, see Application Attribute Mapping.

Application MFA push credentials

Push credentials are required for sending push notifications to a native application. The endpoint, /environments/{environmentId}/applications/{applicationId}/pushCredentials, provides endpoint operations to create, read, update, and delete the push credentials associated with the application connection. This section provides examples for both APNS and FCM push credential types. For more information, see Application MFA Push Credentials.