OIDCApplications
The OIDC-protocol applications in the environment.
View-Specific Information
SELECT
Reading data from this entity requires Read Application/applications:read:application permission.We recommend using the built-in Client Application Developer role.
The 本製品 uses the PingOne Platform API to process WHERE clause conditions built with the following columns and operators.
- Id supports the following operators: =, IN.
All other filters are processed client-side within the 本製品.
For example, the following queries are processed server-side:
SELECT * FROM Administrators.OIDCApplications WHERE Id = '8f2c6a33-1f7f-458e-8b58-f92507742293';
SELECT * FROM Administrators.OIDCApplications WHERE Id IN ('8f2c6a33-1f7f-458e-8b58-f92507742293', '4441de0a-e4f2-47da-a217-545955eb23a5');
Columns
| Name | Type | References | Description |
| Id [KEY] | String | The application identifier (UUID). | |
| Name | String | The name of the application. | |
| Description | String | The application's description. | |
| IsEnabled | Boolean | Boolean value indicating whether the application is enabled for authorization to PingOne. | |
| Type | String | The type of the application. Possible values are: 'WEB_APP', 'NATIVE_APP', 'SINGLE_PAGE_APP', 'SERVICE', 'CUSTOM_APP', 'WORKER', 'PING_ONE_SELF_SERVICE', 'PING_ONE_ADMIN_CONSOLE', 'PING_ONE_PORTAL', 'TEMPLATE_APP' and 'PORTAL_LINK_APP'. | |
| EnvironmentId | String | Information.Environments.Id | The identifier (UUID) of the environment in which the application exists. |
| CreatedAt | Datetime | The time at which the application was created. | |
| UpdatedAt | Datetime | The time at which the application was last updated. | |
| LoginPageURL | String | The application's login page URL. | |
| HomePageURL | String | The application's home page URL. | |
| IsHiddenFromPortal | Boolean | Boolean value indicating whether the application is hidden in the application portal. | |
| IconURL | String | The URL of the application's icon. | |
| AccessControlRolesCriteria | String | The user role criteria for accessing the application. Possible values are 'ADMIN_USERS_ONLY'. A user is an admin user if they have one or more of the following roles: 'Organization Admin', 'Environment Admin', 'Identity Data Admin' or 'Client Application Developer'. | |
| CORSRestriction | String | The application's restriction in regards to CORS requests. Possible values are 'ALLOW_NO_ORIGINS' and 'ALLOW_SPECIFIC_ORIGINS'. 'ALLOWS_NO_ORIGINS' rejects all CORS requests. 'ALLOW_SPECIFIC_ORIGINS' rejects all CORS requests except those listed in the 'CORSAllowedOrigins' column. | |
| CORSAllowedOrigins | String | The origins from which CORS requests to the Authorization and Authentication APIs are allowed. This applies only when 'CORSRestriction' is set to 'ALLOW_SPECIFIC_ORIGINS'. | |
| KeyRotationPolicyId | String | The key rotation policy identifier (UUID) of the key used to sign the API tokens generated for the application. | |
| TokenEndpointMethod | String | The authentication methods supported by the token endpoint. Possible values are: 'NONE', 'CLIENT_SECRET_BASIC', 'CLIENT_SECRET_POST', 'PRIVATE_KEY_JWT', and 'CLIENT_SECRET_JWT'. | |
| ResponseTypes | String | The code or token type returned by an authorization request. Possible values are: 'TOKEN', 'ID_TOKEN', and 'CODE'. | |
| GrantTypes | String | The grant type for the authorization request. Possible values are: 'authorization_code', 'implicit', 'refresh_token', 'device_code', and 'client_credentials'. | |
| PkceEnforcement | String | Specifies how PKCE request parameters are handled on the authorize request. Possible values are: 'OPTIONAL', 'REQUIRED', and 'S256_REQUIRED'. | |
| RefreshTokenDuration | Integer | The lifetime in seconds of the refresh token. | |
| RefreshTokenRollingDuration | Integer | The number of seconds a refresh token can be exchanged before re-authentication is required. If a value is not provided, the refresh token is valid forever. | |
| RefreshTokenRollingGracePeriodDuration | Integer | The number of seconds that a refresh token may be reused after having been exchanged for a new set of tokens (rolled). | |
| IsRefreshTokenReplayProtectionEnabled | Boolean | Boolean value indicating how the authorization server should behave if the actor re-uses/re-rolls a used refresh token. If true/enabled, the authorization server immediately revokes the reused refresh token, as well as all descendant tokens. | |
| RedirectURIs | String | The callback URIs configured for the authentication response. | |
| AllowWildcardInRedirectURIs | Boolean | Boolean value indicating whether wildcards are allowed in redirect URIs. | |
| JWKS | String | The JSON Web Key Set (JWKS) that validates the signature of signed JWTs for applications that use the 'PRIVATE_KEY_JWT' option in the 'TokenEndpointMethod' method. | |
| JWKSUrl | String | A URL that points to a JWKS string which validates the signature of signed JWTs for applications that use the 'PRIVATE_KEY_JWT' option in the 'TokenEndpointMethod' column. If the 'JWKS' column is empty, the JWKS is provided from the URL configured here instead. | |
| ParRequirement | String | Whether pushed authorization requests (PAR) are required. Possible values are: 'REQUIRED' and 'OPTIONAL'. | |
| ParTimeout | Integer | Pushed authorization request (PAR) timeout in seconds. | |
| RequiresSignedRequestObject | Boolean | Boolean value indicating whether the Java Web Token (JWT) for the request query parameter is required to be signed. If false or null, a signed request object is not required. | |
| InitiateLoginURI | String | The URI to use for third-parties to begin the sign-on process for the application. If specified, PingOne redirects users to this URI to initiate SSO to PingOne. | |
| TargetLinkURI | String | The URI for the application. If specified, PingOne will redirect application users to this URI after a user is authenticated. | |
| PostLogoutRedirectURIs | String | The URLs that the browser can be redirected to after logout. | |
| Tags | String | An array that specifies the list of labels associated with the application (Worker). Possible values are: 'PING_FED_CONNECTION_INTEGRATION'. | |
| DevicePathId | String | A string that specifies a unique identifier within an environment for a device authorization grant flow to provide a short identifier to the application. This is ignored when the 'DeviceCustomVerificationURI' column is configured. | |
| DeviceCustomVerificationURI | String | A string that specifies an optional custom verification URI that is returned for the '/device_authorization' endpoint. | |
| DeviceTimeout | Integer | An integer that specifies the length of time (in seconds) for which the 'userCode' and 'deviceCode' returned by the '/device_authorization' endpoint are valid. This property applies only to applications in which the 'GrantTypes' column is set to 'device_code'. | |
| DevicePollingInterval | Integer | An integer that specifies the frequency (in seconds) for the client to poll the '/as/token' endpoint. This property applies only to applications in which the 'GrantTypes' column is set to 'device_code'. | |
| MobileBundleId | String | The bundle associated with the application, for push notifications in native apps. Used only for applications for the Apple ecosystem. | |
| MobilePackageName | String | The package name associated with the application, for push notifications in native apps. Used only for applications for the Google ecosystem. | |
| MobileURIPrefix | String | A URI prefix that enables direct triggering of the mobile application when scanning a QR code. | |
| HuaweiAppId | String | The unique identifier for the app on the device and in the Huawei Mobile Service AppGallery. Used only for applications for the Huawei ecosystem. | |
| HuaweiPackageName | String | The package name associated with the application, for push notifications in native apps. Used only for applications for the Huawei ecosystem. | |
| IntegrityDetectionMode | String | Indicates whether device integrity detection takes place on mobile devices, for the application's enrollment and authentication events. Possible values are: 'ENABLED' and 'DISABLED'. | |
| IntegrityDetectionExcludedPlatforms | String | Operating systems you want to exclude from device integrity checking. The possible values are 'GOOGLE' and 'IOS'. | |
| IntegrityDetectionVerificationType | String | The type of verification that should be used. Possible values are: 'GOOGLE' and 'INTERNAL'. | |
| IntegrityDetectionCacheDurationAmount | Integer | The duration between successful integrity detection calls. | |
| IntegrityDetectionCacheDurationUnits | String | The time units used for the 'IntegrityDetectionCacheDurationAmount' column. Possible values are: 'MINUTES' and 'HOURS'. | |
| PasscodeRefreshDurationAmount | Integer | The amount of time a passcode should be displayed before being replaced with a new passcode. | |
| PasscodeRefreshDurationUnits | String | The type of time unit for the 'PasscodeRefreshDurationAmount' column. Possible values are: 'SECONDS'. |