
Authenticated Identity OAuth2 Scope

Note: this component stores cluster-wide configuration data and is mirrored across all servers in the topology within the same cluster.

Note: changes to cluster-wide configuration objects are immediately and automatically mirrored across all servers within the same cluster, so offline changes are not supported.

An access token granted an Authenticated Identity OAuth2 Scope may be used to perform operations on the SCIM Resource or Sub-Resource Type of the identity currently authenticated by the Data Governance Server. SCIM resource attributes defined by this Authenticated Identity OAuth2 Scope may be retrieved as claims from the OpenID Connect /userinfo endpoint or as SCIM attributes from the SCIM /Me endpoint. An Authenticated Identity OAuth2 Scope does not enable access to any SCIM Resource or Sub-Resource Types other than the authenticated identity.

Parent Component
Relations from This Component
Properties
dsconfig Usage

Parent Component

The Authenticated Identity OAuth2 Scope component inherits from the OAuth2 Scope.

Properties

The properties supported by this managed object are as follows:


Basic Properties:
  token-name
  description
  tag
  resource-operation
  resource-attribute

Advanced Properties:
  None

Basic Properties

token-name (Read-Only)

Description
An OAuth 2.0 access token scope compliant with RFC 6749. The following characters are not permitted: space, '"', '\', '+' and ','.
Default Value
None
Allowed Values
An OAuth 2.0 access token scope compliant with RFC 6749. The following characters are not permitted: space, '"', '\', '+' and ','.
Multi-Valued
No
Required
Yes
Admin Action Required
None. Modification requires no further action

description

Description
A description for this OAuth2 Scope
Default Value
None
Allowed Values
A string
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

tag

Description
Tags associated with this OAuth2 Scope. Tags are arbitrary additional properties that may be examined by XACML policies.
Default Value
None
Allowed Values
A string
Multi-Valued
Yes
Required
No
Admin Action Required
None. Modification requires no further action

resource-operation

Description
The operations allowed by this Authenticated Identity OAuth2 Scope on the specified resource or sub-resource attributes.
Default Value
None
Allowed Values
retrieve - Indicates that this scope may be used to retrieve attributes from a resource.

modify - Indicates that this scope may be used to modify resource attributes. This corresponds to a SCIM PATCH or PUT operation.

create - Indicates that this scope may be used to create a new instance of a resource.

delete - Indicates that this scope may be used to delete resource instances.

search - Indicates that this scope may be used to search for resources using a SCIM filter.
Multi-Valued
Yes
Required
Yes
Admin Action Required
None. Modification requires no further action

resource-attribute

Description
The resource or sub-resource attributes for which this Authenticated Identity OAuth2 Scope allows access. The type of access is determined by the resource-operation property. A value of "*" indicates that all attributes are accessible. Retrieval of the common attributes schemas, id, and meta is always allowed if the resource-operation includes the retrieve operation.
Default Value
None
Allowed Values
A string
Multi-Valued
Yes
Required
Yes
Admin Action Required
None. Modification requires no further action
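The property descriptions above define a small access-control model: a scope name must avoid the characters the token-name property forbids, resource-operation and resource-attribute are both required, "*" grants every attribute, schemas/id/meta are always retrievable once retrieve is granted, and the scope never reaches any identity other than the authenticated one. The following Python is an added illustration of those rules, not Data Governance Server code; the scope names ("profile:read", "profile:write"), attribute names and the authorize() helper are constructed assumptions, and the helper is a simplified stand-in for the server's own evaluation, which also involves XACML policies.

```python
from dataclasses import dataclass
from typing import FrozenSet, Iterable

# Characters the token-name description forbids: space, '"', '\', '+' and ','.
FORBIDDEN_TOKEN_CHARS = frozenset(' "\\+,')

# Common attributes the page says are always retrievable once
# resource-operation includes "retrieve".
ALWAYS_RETRIEVABLE = frozenset({"schemas", "id", "meta"})

# Allowed values of resource-operation as listed on the page.
VALID_OPERATIONS = frozenset({"retrieve", "modify", "create", "delete", "search"})


def validate_token_name(token_name: str) -> bool:
    """True if the scope name is non-empty and uses none of the forbidden characters."""
    return bool(token_name) and not (FORBIDDEN_TOKEN_CHARS & set(token_name))


@dataclass(frozen=True)
class AuthenticatedIdentityScope:
    """Model of one Authenticated Identity OAuth2 Scope (illustration only)."""
    token_name: str
    resource_operation: FrozenSet[str]   # required, multi-valued
    resource_attribute: FrozenSet[str]   # required, multi-valued; "*" means all
    description: str = ""                # optional
    tag: FrozenSet[str] = frozenset()    # optional, multi-valued

    def __post_init__(self) -> None:
        if not validate_token_name(self.token_name):
            raise ValueError(f"invalid token-name: {self.token_name!r}")
        if not self.resource_operation or not self.resource_attribute:
            raise ValueError("resource-operation and resource-attribute are required")
        unknown = self.resource_operation - VALID_OPERATIONS
        if unknown:
            raise ValueError(f"unknown resource-operation value(s): {sorted(unknown)}")

    def permits(self, operation: str, attribute: str,
                on_authenticated_identity: bool = True) -> bool:
        """Does this scope allow `operation` on `attribute` of the target resource?"""
        if not on_authenticated_identity:
            return False  # the scope never reaches any identity but the authenticated one
        if operation not in self.resource_operation:
            return False
        if operation == "retrieve" and attribute in ALWAYS_RETRIEVABLE:
            return True
        return "*" in self.resource_attribute or attribute in self.resource_attribute


def authorize(granted: Iterable[AuthenticatedIdentityScope], operation: str,
              attributes: Iterable[str], on_authenticated_identity: bool = True) -> bool:
    """Allow a request only if every attribute it touches is permitted by at least
    one scope granted to the token (hypothetical, simplified evaluation)."""
    granted = list(granted)
    return all(
        any(s.permits(operation, attr, on_authenticated_identity) for s in granted)
        for attr in attributes
    )


# Constructed sample scopes (hypothetical names, not product defaults).
PROFILE_READ = AuthenticatedIdentityScope(
    token_name="profile:read",
    resource_operation=frozenset({"retrieve"}),
    resource_attribute=frozenset({"userName", "name", "emails"}),
    description="Read basic profile attributes of the authenticated user",
    tag=frozenset({"tier:basic"}),
)
PROFILE_WRITE = AuthenticatedIdentityScope(
    token_name="profile:write",
    resource_operation=frozenset({"modify"}),
    resource_attribute=frozenset({"name"}),
)


if __name__ == "__main__":
    token_scopes = [PROFILE_READ, PROFILE_WRITE]
    # GET /Me asking for id, userName, emails: allowed (id is always retrievable).
    print(authorize(token_scopes, "retrieve", ["id", "userName", "emails"]))  # True
    # PATCH /Me touching name and emails: emails is not modifiable, so the whole request is denied.
    print(authorize(token_scopes, "modify", ["name", "emails"]))  # False
    # Same token against another user's resource: denied regardless of attributes.
    print(authorize(token_scopes, "retrieve", ["id"], on_authenticated_identity=False))  # False
```

The model deliberately rejects a modify request as a whole when any targeted attribute falls outside the granted scopes, rather than silently applying the permitted subset; that mirrors the least-privilege reading of resource-attribute, where a PATCH is either fully within scope or not performed.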


dsconfig Usage

To list the configured OAuth2 Scopes:

dsconfig list-oauth2-scopes
     [--property {propertyName}] ...

To view the configuration for an existing OAuth2 Scope:

dsconfig get-oauth2-scope-prop
     --scope-name {name}
     [--tab-delimited]
     [--script-friendly]
     [--property {propertyName}] ...

To update the configuration for an existing OAuth2 Scope:

dsconfig set-oauth2-scope-prop
     --scope-name {name}
     (--set|--add|--remove) {propertyName}:{propertyValue}
     [(--set|--add|--remove) {propertyName}:{propertyValue}] ...

To create a new Authenticated Identity OAuth2 Scope:

dsconfig create-oauth2-scope
     --scope-name {name}
     --set resource-operation:{propertyValue}
     --set resource-attribute:{propertyValue}
     [--set {propertyName}:{propertyValue}] ...

To delete an existing OAuth2 Scope:

dsconfig delete-oauth2-scope
     --scope-name {name}