PingOne

Adding a Meme Game application in PingOne

Learn how to create an application in PingOne that is granted access to a managed API service, then demonstrate authorized access to the API service.

About this task

You’ll create a Meme Game application in PingOne that has access to the Meme Game API. First, you’ll add a scope to the Meme Game API service and use the scope to configure access to Meme Game APIs. Then, you’ll add a single-page application that represents the browser-based game. Last, you’ll grant permission for the Meme Game application to access the Meme Game API service.

Steps

  1. Add a scope to the Meme Game API service:

    1. On the Meme Game API service Overview tab in PingOne, under PingOne Resource, click Meme Game.

      Screen capture of the API Services Overview tab in PingOne.

      If you need to find the Meme Game API service in PingOne, go to Authorization > API Services.

      This resource link is available because you created the resource automatically when you added the Meme Game API service.

    2. In Applications > Resources, on the Scopes tab, click + Add Scope.

    3. In the Scope Name field, enter meme-game.

    4. Click Save.

      Result:

      Now you’re ready to add the Meme Game application in PingOne.

  2. Add a single-page application for the Meme Game:

    1. Go to Applications > Applications and click the icon to add an application.

    2. For the Application Name, enter Meme Game as a unique identifier for the application, and then enter a meaningful Description.

    3. For the Application Type, select Single-Page.

      Screen capture of the Name and Description fields and the Application Type options for a new application in PingOne.
    4. Click Save.

  3. To enable the application, click the Enable toggle.

  4. Configure the Meme Game application to act as an API client without any notion of users.

    This will make testing easier later, because you won’t have to configure users.

    1. On the Configuration tab, click the Pencil icon.

    2. Under Grant Type, select the Client Credentials checkbox, and then in the Token Endpoint Authentication Method list, select Client Secret Basic.

    3. For Redirect URIs, enter the following redirect:

      https://oauth.pstmn.io/v1/callback

      This enables you to sign on as a user from Postman in a later tutorial.

    4. Click Save.

  5. Grant an OAuth scope to your application.

    This allows your application to access Meme Game APIs.

    1. Click the Resources tab, and then click the Pencil icon.

    2. Select the meme-game checkbox.

      Screen capture of Edit Resources showing the available scopes for the Meme Game application.
    3. Click Save.

      Next, you’ll populate variables in Postman for your new application.

  6. Set up Postman and send requests:

    1. On the Configuration tab of the Meme Game application, copy the following values from the General section into corresponding current values on the Variables tab in Postman:

      • Client ID: The Postman variable is gameClientId.

      • Client Secret: The Postman variable is gameClientSecret.

    2. In Postman, click Save to save the current values you assigned.

      Result:

      You’re ready to send a request to get an access token.

    3. In Postman, select the Get Token as Game Client request and click Send.

      Screen capture of the Get Token as Game Client request in Postman.

      Result:

      The access token is in the response and it has the meme-game scope.

      Screen capture of the access token response body in Postman.

      Postman, acting as the Meme Game application, has an access token for the Meme Game API. Try a Postman request to see if the Meme Game application can get memes.

    4. In Postman, select the Get all memes by user.0 request and click Send.

      Result:

      You get a 200 OK response with data in the response body. You’ve configured access control for two applications: one that can access the Meme Game API and one that can’t.

      Check the banking application again to make sure it can’t access the Meme Game API now. First, get an access token for the banking application. Then, retry the request to get memes.

    5. Select the Get Token as Bank App request and click Send.

      Result:

      Your access token has the banking scope.

    6. Select the Get all memes by user.0 request and click Send.

      Result:

      You get a 401 Unauthorized response.

      Troubleshooting:

      Not getting the right results? Learn more about troubleshooting in Viewing API Access Management events in your PingOne environment audit log.

Result

Congratulations! By configuring a plugin that connects Kong Gateway to PingOne, you’ve centralized the management of API access control in PingOne. Now you don’t have to deal with the intricacies of OAuth or the risks of a distributed configuration for permissions and access control.

In this tutorial, you connected PingOne to Kong Gateway and configured applications and a managed API service in PingOne. By controlling which applications are authorized to connect to the managed API service, you demonstrated that only authorized clients are able to access managed APIs.

Next steps

Learn more about additional API Access Management capabilities of PingOne Authorize in the tutorial for user-based access control for specific API operations.