OAuth 2.0 Endpoints
||The OAuth authorization server (AS) uses the authorization endpoint to interact directly with resource owners, authenticate them, and obtain their authorizations.
|Client Initiated Backchannel Authentication
||A CIBA-capable client uses this endpoint to initiate a backchannel, out-of-band flow to authenticate the resource owners and obtain their authorizations.
||The client presents its authorization grant to the token endpoint to obtain an access token and a refresh token when needed
||A resource server (RS) client uses the introspection endpoint to validate an access token or a refresh token prior to granting access to a protected-resources call.
|Token revocation endpoint
||The token revocation endpoint allows clients to notify the authorization server that a previously obtained refresh or access token is no longer needed
||Resource owners use the grant-management endpoint to view, and optionally revoke, the persistent access grants they have made.
||as/grants.oauth2 and /as/oauth_access_grants.ping
|OpenID Provider (OP) configuration endpoint
||The OpenID Provider (OP) configuration endpoint provides configuration information for the OAuth clients to interface with PingFederate using the OpenID Connect protocol.
||OAuth clients can present access tokens to the UserInfo endpoint to retrieve additional information about the resource owners.