Skip to main content
Question

How to Authorize PING ID token from client as Bearer token with IFS

I
Do Gooder (Partner)
Forum|alt.badge.img+2

Hi,

My client is using PING ID for authorisation. So, he wants to provide bearer token (generated from PINGID )  to IFS in case of integrations as well. But OfCourse it is failing as Invalid token, as currently this token doesn’t have IAM details. I am trying to figure out is there any way how IFS can authorize it ?

What details (header/payload attributes) can we provide to client to receive a token from PINGID that IFS can accept? Will it resolve if PINGID sends token containing IAM details or anything that IFS can validate.

Is there any documentation on how IFS Framework handles Bearer token in IFS.

 

 

6 replies

dsj
Superhero (Partner)
Forum|alt.badge.img+22
  • dsj
  • Superhero (Partner)
  • 837 replies
  • March 25, 2025

Hi ​@InfSurajM 

Here you can find how the bearer token flow in IFS Cloud.

User Authentication - Technical Documentation For IFS Cloud

 

/Damith

DSJ - https://dsj23.me
Arosha Mudalige
1 person likes this
  • Arosha Mudalige
    Arosha Mudalige
I
Do Gooder (Partner)
Forum|alt.badge.img+2
  • InfSurajM
  • Author
  • Do Gooder (Partner)
  • 2 replies
  • March 26, 2025

Hi ​@dsj ,

Thanks for responding.I have already gone through the section in the link.However, in my case, client access token url is of PINGID not IFSCloud. So they are recieving the bearer token from PINGID. What we can share with PINGID/client in order of that incoming bearer token from PINGID gets validated in IFS.

 

Regards,

Suraj Mohan

dsj
Superhero (Partner)
Forum|alt.badge.img+22
  • dsj
  • Superhero (Partner)
  • 837 replies
  • March 26, 2025

Hi ​@InfSurajM 

 

Has the IFS configured to use PingID as external Identity Provider?

DSJ - https://dsj23.me
I
Do Gooder (Partner)
Forum|alt.badge.img+2
  • InfSurajM
  • Author
  • Do Gooder (Partner)
  • 2 replies
  • March 26, 2025

Hi ​@dsj ,

Yes, PINGID is configured in IFS for SSO login, which is working fine. But for Integrations, client is using system to system integration , that’s why they will send the bearer token generated in PINGID.

 

Regards,

Suraj

dsj
Superhero (Partner)
Forum|alt.badge.img+22
  • dsj
  • Superhero (Partner)
  • 837 replies
  • March 26, 2025

Hi ​@InfSurajM 

 

According to my experience, only the bearer tokens obtained through Authorization Code Flow (rendering a browser and login with a 3rd pard IDP) is supported with IFS Cloud. Below note from the documentation confirms the same.

 

If the PingID application can be setup to obtain a token using ROPC using a username which is in IFS,  then you might be able to use that token for IFS. I have not tried that and can’t say if it works for sure, and enabling ROPC is a security risk, so consider that as well.

 

Hope it helps!

Damith

DSJ - https://dsj23.me
dsj
Superhero (Partner)
Forum|alt.badge.img+22
  • dsj
  • Superhero (Partner)
  • 837 replies
  • March 27, 2025
dsj wrote:

Hi ​@InfSurajM 

 

According to my experience, only the bearer tokens obtained through Authorization Code Flow (rendering a browser and login with a 3rd pard IDP) is supported with IFS Cloud. Below note from the documentation confirms the same.

 

If the PingID application can be setup to obtain a token using ROPC using a username which is in IFS,  then you might be able to use that token for IFS. I have not tried that and can’t say if it works for sure, and enabling ROPC is a security risk, so consider that as well.

 

Hope it helps!

Damith

 

I take back my suggestion of using ROPC. According to the note, it’s not supported.

DSJ - https://dsj23.me
I
1 person likes this
  • I
    InfSurajM

Reply


Terms & ConditionsCookie settings

Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

 
Cookie settings