PingOne access tokens are signed JWTs (JSON Web Tokens) that include identity claims about and attributes of the requestor, usually a user identity. The resource attributes service lets you customize the content of access tokens by adding custom attributes and their values. This is a great way to convey additional information about the user to applications.
Resource attributes are essentially custom identity claims associated with a resource. For example, suppose the clothing.preferences
resource with scope sizes
provides “clothing size” user claims in the token. By default, the sizes
scope does not include a t-shirt size user claim. To include the user.tshirtSize
user attribute as a user claim in the token, a resource attribute entity can be created that associates the tshirtSize
attribute with the clothing.preferences
resource. Then, for token requests to clothing.preferences
with scope sizes
, the tshirtSize
user claim is included in the token. The following diagram shows the workflow:
For information about an access token’s core claims, see Access token claims. A token’s core identity claims cannot be modified or deleted.
Property | Description |
---|---|
name |
A string that specifies the name of the custom resource attribute to be included in the access token. The following names are reserved and cannot be used:
|
type |
A string that specifies the type of resource attribute. Options are:
|
value |
A string that specifies the value of the custom resource attribute. This value can be a placeholder that references an attribute in the user schema, expressed as “${user.path.to.value}” , or it can be a static string. Placeholders must be valid, enabled attributes in the environment’s user schema. Examples fo valid values are: “${user.email}” , “${user.name.family}” , and “myClaimValueString” . |
Code | Message |
---|---|
200 | Successful operation. |
201 | Successfully created. |
204 | Successfully removed. No content. |
400 | The request could not be completed. |
401 | You do not have access to this resource. |
404 | The requested resource was not found. |