PingOne Advanced Identity Cloud as client and resource server
When PingOne Advanced Identity Cloud functions as an OAuth 2.0 client, it provides a session after successfully authenticating the resource owner and obtaining authorization. The client can then access resources protected by agents.
To configure PingOne Advanced Identity Cloud as an OAuth 2.0 client, use the Social Provider Handler node as part of the authentication journey.
This sequence diagram shows how the client gains access to protected resources where PingOne Advanced Identity Cloud functions as both authorization server and client:
Because the OAuth 2.0 client functionality is implemented as a PingOne Advanced Identity Cloud authentication node, you do not need to deploy your own resource server implementation when using PingOne Advanced Identity Cloud as an OAuth 2.0 client. Use web or Java agents or ${ig.abbr} to protect resources.
For more information about configuring PingOne Advanced Identity Cloud as an OAuth 2.0 client, refer to Social authentication.
To use your own client and resource server, make sure the resource server implements the logic for handling access tokens and refresh tokens. The resource server can use the To design your own scopes implementation, refer to Customize OAuth2.0 using JavaScript extensions.