The Implicit Grant Type is typically used for Single-Page Applications (SPAs) and mobile apps where storing a client secret is not feasible.
Unlike the Authorization Code flow, tokens are returned directly in the redirect URI without exchanging an authorization code.
🛠 Steps to Configure Implicit Grant in PingFederate:
- Login to PingFederate Admin Console
- Navigate to: Applications → OAuth Clients
- Click Add Client
- Fill in the required information:
- Client ID and Client Name
- Redirect URI
- Scopes
- Under Allowed Grant Types, select:
- ✅ Implicit
- ✅ Implicit
- Use ATM1 as the default Token Manager
- Save the application
Obtaining access token using Authorization Tab in postman.
Overview :-
1. Open Postman and Create a Request :-
· Launch Postman application.
· Click the “…” tab in PING OAuth to create a new request and rename as IM_Client1
2. Go to the Authorization Tab :-
· Select the “Authorization” tab located in the request window.
3. Select Authorization Type :-
· In the Type dropdown, select OAuth 2.0.
4 . coming to Configure new token :-
· Provide the required fields as per your authorization server’s configuration:
| Field | Description |
| Token Name | A name to identify your token (e.g., `My OAuth Token`) |
| Grant Type | Select `Authorization Code implicit |
| Callback URL | Redirect URI registered with your identity provider (e.g., `https://oauth.pstmn.io/v1/callback`) |
| Auth URL | The authorization endpoint URL |
| Access Token URL | The token endpoint URL |
| Client ID | Provided by your identity provider |
| Scope | (Optional) Define access levels (e.g., `openid profile`) |
⚠️ Note: The Client Secret field is typically left blank for public clients using implicit.
1. Send Request and Get Token
Ensure your request in Postman uses OAuth 2.0 Authorization Code with implicit grant to get the access token.
6. Click “Get Token” :-
· After entering details, click “Get Token”.
· Postman will redirect you to the login page.
· Authenticate using your credentials.
· Postman will receive and display the access token.
7. Use the Token :-
· Click “Use Token” to attach it to the request.
🔓 Decode PKCE Postman Token by Using JSON web token debugger
✅ Step-by-Step Guide
1. Extract the Token
After clicking “Use Token”, the token is attached to your request. You can extract and decode it using the json web token.
2. After entering into json web token website click on clear then preinstalled code will be removed
3.Copied postman token have to paste here
4.Once code is pasted the code will be automatically decoded and client details can view
