PingOne Platform APIs

Authorize (hybrid GET)

GET {{authPath}}/{{envID}}/as/authorize?response_type=code%20token&client_id={{appID}}&redirect_uri={{redirect_uri}}&scope=openid%20profile%20p1:read:user&nonce={{nonce}}

The authorization endpoint is used to interact with the end user and obtain an authorization grant. The sample shows the GET /{{envID}}/as/authorize operation. The request URL includes the response_type parameter with a value of code id_token token, which designates that this authorization request is a hybrid flow.

In a hybrid flow, an authorization code is returned from the authorization endpoint, some tokens are returned from the authorization endpoint, and others are returned from the token endpoint. The authorization endpoint’s response_type property specifies the code type and it also specifies id_token, or token, or both. An authorization code (specified by the code response type) is always returned in a hybrid flow. An ID token is returned when the response_type property is code id_token or code id_token token. An access token is returned when the response_type property is code token or code id_token token.

Note that for the POST request, parameters and their values are Form Serialized by adding the parameter names and values to the entity body of the HTTP request and specifying the Content-Type: application/x-www-form-urlencoded request header.

For a Proof Key for Code Exchange (PKCE) authorization request, the /{{envID}}/as/authorize request must include the code_challenge parameter. The code_challenge_method parameter is required if the application’s pkceEnforcement property is set to S256_REQUIRED. Otherwise, it is optional.

The optional request property specifies a JWT that enables OIDC/OAuth2 request parameters to be passed as a single, self-contained parameter. For details on how to construct the JWT, refer to Create a request property JWT. For information on pi.template refer to Notifications Templates. For information on pi.clientContext refer to Device Authentication.

The sample shows the POST /{{envID}}/as/authorize operation for a hybrid flow. For more information about hybrid flows, refer to Authentication using the Hybrid Flow.

Query parameters
Property Type Required?

acr_values

String

Optional

client_id

String

Required

code_challenge_method

String

Optional

login_hint

String

Optional

login_hint_token

String

Optional

mobilePayload

String

Optional

max_age

String

Optional

nonce

String

Optional

prompt

String

Optional

redirect_uri

String

Required

request

String

Optional

response_mode

String

Optional

response_type

String

Required

scope

String

Optional

state

String

Optional
Related topics

Example Request

  • cURL

  • C#

  • Go

  • HTTP

  • Java

  • jQuery

  • NodeJS

  • Python

  • PHP

  • Ruby

  • Swift

curl --location --globoff '{{authPath}}/{{envID}}/as/authorize?response_type=code%20token&client_id={{appID}}&redirect_uri={{redirect_uri}}&scope=openid%20profile%20p1%3Aread%3Auser&nonce={{nonce}}'
var options = new RestClientOptions("{{authPath}}/{{envID}}/as/authorize?response_type=code%20token&client_id={{appID}}&redirect_uri={{redirect_uri}}&scope=openid%20profile%20p1:read:user&nonce={{nonce}}")
{
  MaxTimeout = -1,
};
var client = new RestClient(options);
var request = new RestRequest("", Method.Get);
RestResponse response = await client.ExecuteAsync(request);
Console.WriteLine(response.Content);
package main

import (
  "fmt"
  "net/http"
  "io"
)

func main() {

  url := "{{authPath}}/{{envID}}/as/authorize?response_type=code%20token&client_id={{appID}}&redirect_uri={{redirect_uri}}&scope=openid%20profile%20p1%3Aread%3Auser&nonce={{nonce}}"
  method := "GET"

  client := &http.Client {
  }
  req, err := http.NewRequest(method, url, nil)

  if err != nil {
    fmt.Println(err)
    return
  }
  res, err := client.Do(req)
  if err != nil {
    fmt.Println(err)
    return
  }
  defer res.Body.Close()

  body, err := io.ReadAll(res.Body)
  if err != nil {
    fmt.Println(err)
    return
  }
  fmt.Println(string(body))
}
GET /{{envID}}/as/authorize?response_type=code%20token&client_id={{appID}}&redirect_uri={{redirect_uri}}&scope=openid%20profile%20p1:read:user&nonce={{nonce}} HTTP/1.1
Host: {{authPath}}
OkHttpClient client = new OkHttpClient().newBuilder()
  .build();
MediaType mediaType = MediaType.parse("text/plain");
RequestBody body = RequestBody.create(mediaType, "");
Request request = new Request.Builder()
  .url("{{authPath}}/{{envID}}/as/authorize?response_type=code%20token&client_id={{appID}}&redirect_uri={{redirect_uri}}&scope=openid%20profile%20p1:read:user&nonce={{nonce}}")
  .method("GET", body)
  .build();
Response response = client.newCall(request).execute();
var settings = {
  "url": "{{authPath}}/{{envID}}/as/authorize?response_type=code%20token&client_id={{appID}}&redirect_uri={{redirect_uri}}&scope=openid%20profile%20p1:read:user&nonce={{nonce}}",
  "method": "GET",
  "timeout": 0,
};

$.ajax(settings).done(function (response) {
  console.log(response);
});
var request = require('request');
var options = {
  'method': 'GET',
  'url': '{{authPath}}/{{envID}}/as/authorize?response_type=code%20token&client_id={{appID}}&redirect_uri={{redirect_uri}}&scope=openid%20profile%20p1:read:user&nonce={{nonce}}',
  'headers': {
  }
};
request(options, function (error, response) {
  if (error) throw new Error(error);
  console.log(response.body);
});
import requests

url = "{{authPath}}/{{envID}}/as/authorize?response_type=code%20token&client_id={{appID}}&redirect_uri={{redirect_uri}}&scope=openid%20profile%20p1:read:user&nonce={{nonce}}"

payload = {}
headers = {}

response = requests.request("GET", url, headers=headers, data=payload)

print(response.text)
<?php
require_once 'HTTP/Request2.php';
$request = new HTTP_Request2();
$request->setUrl('{{authPath}}/{{envID}}/as/authorize?response_type=code%20token&client_id={{appID}}&redirect_uri={{redirect_uri}}&scope=openid%20profile%20p1:read:user&nonce={{nonce}}');
$request->setMethod(HTTP_Request2::METHOD_GET);
$request->setConfig(array(
  'follow_redirects' => TRUE
));
try {
  $response = $request->send();
  if ($response->getStatus() == 200) {
    echo $response->getBody();
  }
  else {
    echo 'Unexpected HTTP status: ' . $response->getStatus() . ' ' .
    $response->getReasonPhrase();
  }
}
catch(HTTP_Request2_Exception $e) {
  echo 'Error: ' . $e->getMessage();
}
require "uri"
require "net/http"

url = URI("{{authPath}}/{{envID}}/as/authorize?response_type=code%20token&client_id={{appID}}&redirect_uri={{redirect_uri}}&scope=openid%20profile%20p1:read:user&nonce={{nonce}}")

http = Net::HTTP.new(url.host, url.port);
request = Net::HTTP::Get.new(url)

response = http.request(request)
puts response.read_body
var request = URLRequest(url: URL(string: "{{authPath}}/{{envID}}/as/authorize?response_type=code%20token&client_id={{appID}}&redirect_uri={{redirect_uri}}&scope=openid%20profile%20p1%3Aread%3Auser&nonce={{nonce}}")!,timeoutInterval: Double.infinity)
request.httpMethod = "GET"

let task = URLSession.shared.dataTask(with: request) { data, response, error in
  guard let data = data else {
    print(String(describing: error))
    return
  }
  print(String(data: data, encoding: .utf8)!)
}

task.resume()

Example Response

302 Found