Ping Identity · OAuth Scopes

Ping Identity OAuth Scopes

OAuth 2.0 searched

Ping Identity publishes 26 OAuth 2.0 scopes via the clientCredentials and authorizationCode flows. Scopes are the fine-grained permissions an application requests at authorization time to act against the Ping Identity API on a user’s behalf.

Tokens are issued from /as/token.

This index is generated from the provider’s OpenAPI security definitions (and, where available, its documented scope reference) and refreshes on every APIs.io network build. Browse every provider’s scopes at scopes.apis.io.

IdentityAuthenticationAuthorizationSSOMFA
Scopes: 26 Flows: clientCredentials, authorizationCode Method: searched

OAuth endpoints

Authorization URL
/as/authorize
Token URL
/as/token
Flows
clientCredentialsauthorizationCode

Scopes (26)

ScopeDescriptionFlows
openid Required scope that tells the authorization server the incoming request is an OpenID Connect request.
profile Grants access to end-user profile claims including name, family name, given name, middle name, preferred username, nickname, picture, timezone, locale, profile, website, gender, birthdate, and updated timestamp.
email Grants access to the email and email_verified claims.
address Grants access to address claims including street address, locality, region, postal code, country, and formatted address.
phone Grants access to the phone_number and phone_number_verified claims.
p1:read:user Users can retrieve their own user identity and all attributes.
p1:update:user Users can modify the attributes of their own user identity.
p1:update:userMfaEnabled Users can enable and disable multi-factor authentication for their own user identity.
p1:create:device Users can create multi-factor authentication devices for their own user identity.
p1:read:device Users can retrieve multi-factor authentication devices for their own user identity.
p1:update:device Users can update multi-factor authentication devices for their own user identity.
p1:delete:device Users can delete multi-factor authentication devices for their own user identity.
p1:read:userPassword Users can read the password state for their own user identity.
p1:reset:userPassword Users can reset the password for their own user identity.
p1:validate:userPassword Users can validate the password for their own user identity.
p1:read:userLinkedAccounts Users can read linked accounts for their own user identity.
p1:delete:userLinkedAccounts Users can delete linked accounts for their own user identity.
p1:create:pairingKey Users can create a pairing key for their own user identity.
p1:read:pairingKey Users can read a pairing key for their own user identity.
p1:delete:pairingKey Users can delete a pairing key for their own user identity.
p1:read:sessions Users can read sessions for their own user identity.
p1:delete:sessions Users can delete sessions for their own user identity.
p1:read:userConsent Users can read consents for their own user identity.
p1:verify:user Users can verify their own user identity.
p1:read:oauthConsent Users can read oauth scope consents for their own user identity.
p1:update:oauthConsent Users can update oauth scope consents for their own user identity.

Source

OAuth Scopes

ping-identity-scopes.yml Raw ↑
generated: '2026-07-11'
method: searched
source: openapi/ping-identity-openapi.yaml
docs: https://developer.pingidentity.com/pingone-api/foundations/pingone-roles-scopes-and-permissions/access-services-through-scopes-and-roles.html
note: PingOne documents OIDC scopes and PingOne API self-management scopes (user-only);
  administrative access to the PingOne platform APIs is granted through roles assigned
  to worker applications rather than OAuth scopes.
schemes:
- name: oauth2
  source: openapi/ping-identity-openapi.yaml
  flows:
  - flow: clientCredentials
    tokenUrl: /as/token
  - flow: authorizationCode
    authorizationUrl: /as/authorize
    tokenUrl: /as/token
scopes:
- scope: openid
  description: Required scope that tells the authorization server the incoming request
    is an OpenID Connect request.
  sources:
  - https://developer.pingidentity.com/pingone-api/foundations/pingone-roles-scopes-and-permissions/access-services-through-scopes-and-roles/openid-connect-oidc-scopes.html
- scope: profile
  description: Grants access to end-user profile claims including name, family name,
    given name, middle name, preferred username, nickname, picture, timezone, locale,
    profile, website, gender, birthdate, and updated timestamp.
  sources:
  - https://developer.pingidentity.com/pingone-api/foundations/pingone-roles-scopes-and-permissions/access-services-through-scopes-and-roles/openid-connect-oidc-scopes.html
- scope: email
  description: Grants access to the email and email_verified claims.
  sources:
  - https://developer.pingidentity.com/pingone-api/foundations/pingone-roles-scopes-and-permissions/access-services-through-scopes-and-roles/openid-connect-oidc-scopes.html
- scope: address
  description: Grants access to address claims including street address, locality,
    region, postal code, country, and formatted address.
  sources:
  - https://developer.pingidentity.com/pingone-api/foundations/pingone-roles-scopes-and-permissions/access-services-through-scopes-and-roles/openid-connect-oidc-scopes.html
- scope: phone
  description: Grants access to the phone_number and phone_number_verified claims.
  sources:
  - https://developer.pingidentity.com/pingone-api/foundations/pingone-roles-scopes-and-permissions/access-services-through-scopes-and-roles/openid-connect-oidc-scopes.html
- scope: p1:read:user
  description: Users can retrieve their own user identity and all attributes.
  sources:
  - https://developer.pingidentity.com/pingone-api/foundations/pingone-roles-scopes-and-permissions/access-services-through-scopes-and-roles/pingone-self-management-scopes.html
- scope: p1:update:user
  description: Users can modify the attributes of their own user identity.
  sources:
  - https://developer.pingidentity.com/pingone-api/foundations/pingone-roles-scopes-and-permissions/access-services-through-scopes-and-roles/pingone-self-management-scopes.html
- scope: p1:update:userMfaEnabled
  description: Users can enable and disable multi-factor authentication for their
    own user identity.
  sources:
  - https://developer.pingidentity.com/pingone-api/foundations/pingone-roles-scopes-and-permissions/access-services-through-scopes-and-roles/pingone-self-management-scopes.html
- scope: p1:create:device
  description: Users can create multi-factor authentication devices for their own
    user identity.
  sources:
  - https://developer.pingidentity.com/pingone-api/foundations/pingone-roles-scopes-and-permissions/access-services-through-scopes-and-roles/pingone-self-management-scopes.html
- scope: p1:read:device
  description: Users can retrieve multi-factor authentication devices for their own
    user identity.
  sources:
  - https://developer.pingidentity.com/pingone-api/foundations/pingone-roles-scopes-and-permissions/access-services-through-scopes-and-roles/pingone-self-management-scopes.html
- scope: p1:update:device
  description: Users can update multi-factor authentication devices for their own
    user identity.
  sources:
  - https://developer.pingidentity.com/pingone-api/foundations/pingone-roles-scopes-and-permissions/access-services-through-scopes-and-roles/pingone-self-management-scopes.html
- scope: p1:delete:device
  description: Users can delete multi-factor authentication devices for their own
    user identity.
  sources:
  - https://developer.pingidentity.com/pingone-api/foundations/pingone-roles-scopes-and-permissions/access-services-through-scopes-and-roles/pingone-self-management-scopes.html
- scope: p1:read:userPassword
  description: Users can read the password state for their own user identity.
  sources:
  - https://developer.pingidentity.com/pingone-api/foundations/pingone-roles-scopes-and-permissions/access-services-through-scopes-and-roles/pingone-self-management-scopes.html
- scope: p1:reset:userPassword
  description: Users can reset the password for their own user identity.
  sources:
  - https://developer.pingidentity.com/pingone-api/foundations/pingone-roles-scopes-and-permissions/access-services-through-scopes-and-roles/pingone-self-management-scopes.html
- scope: p1:validate:userPassword
  description: Users can validate the password for their own user identity.
  sources:
  - https://developer.pingidentity.com/pingone-api/foundations/pingone-roles-scopes-and-permissions/access-services-through-scopes-and-roles/pingone-self-management-scopes.html
- scope: p1:read:userLinkedAccounts
  description: Users can read linked accounts for their own user identity.
  sources:
  - https://developer.pingidentity.com/pingone-api/foundations/pingone-roles-scopes-and-permissions/access-services-through-scopes-and-roles/pingone-self-management-scopes.html
- scope: p1:delete:userLinkedAccounts
  description: Users can delete linked accounts for their own user identity.
  sources:
  - https://developer.pingidentity.com/pingone-api/foundations/pingone-roles-scopes-and-permissions/access-services-through-scopes-and-roles/pingone-self-management-scopes.html
- scope: p1:create:pairingKey
  description: Users can create a pairing key for their own user identity.
  sources:
  - https://developer.pingidentity.com/pingone-api/foundations/pingone-roles-scopes-and-permissions/access-services-through-scopes-and-roles/pingone-self-management-scopes.html
- scope: p1:read:pairingKey
  description: Users can read a pairing key for their own user identity.
  sources:
  - https://developer.pingidentity.com/pingone-api/foundations/pingone-roles-scopes-and-permissions/access-services-through-scopes-and-roles/pingone-self-management-scopes.html
- scope: p1:delete:pairingKey
  description: Users can delete a pairing key for their own user identity.
  sources:
  - https://developer.pingidentity.com/pingone-api/foundations/pingone-roles-scopes-and-permissions/access-services-through-scopes-and-roles/pingone-self-management-scopes.html
- scope: p1:read:sessions
  description: Users can read sessions for their own user identity.
  sources:
  - https://developer.pingidentity.com/pingone-api/foundations/pingone-roles-scopes-and-permissions/access-services-through-scopes-and-roles/pingone-self-management-scopes.html
- scope: p1:delete:sessions
  description: Users can delete sessions for their own user identity.
  sources:
  - https://developer.pingidentity.com/pingone-api/foundations/pingone-roles-scopes-and-permissions/access-services-through-scopes-and-roles/pingone-self-management-scopes.html
- scope: p1:read:userConsent
  description: Users can read consents for their own user identity.
  sources:
  - https://developer.pingidentity.com/pingone-api/foundations/pingone-roles-scopes-and-permissions/access-services-through-scopes-and-roles/pingone-self-management-scopes.html
- scope: p1:verify:user
  description: Users can verify their own user identity.
  sources:
  - https://developer.pingidentity.com/pingone-api/foundations/pingone-roles-scopes-and-permissions/access-services-through-scopes-and-roles/pingone-self-management-scopes.html
- scope: p1:read:oauthConsent
  description: Users can read oauth scope consents for their own user identity.
  sources:
  - https://developer.pingidentity.com/pingone-api/foundations/pingone-roles-scopes-and-permissions/access-services-through-scopes-and-roles/pingone-self-management-scopes.html
- scope: p1:update:oauthConsent
  description: Users can update oauth scope consents for their own user identity.
  sources:
  - https://developer.pingidentity.com/pingone-api/foundations/pingone-roles-scopes-and-permissions/access-services-through-scopes-and-roles/pingone-self-management-scopes.html