PingOne Platform APIs

Authorize (implicit POST)

POST {{authPath}}/{{envID}}/as/authorize

The authorization endpoint is used in a POST request. The POST request accepts all the same parameters as the GET request. Both initiate an authorization request. Note that for the POST request, parameters and their values are Form Serialized by adding the parameter names and values to the entity body of the HTTP request and specifying the Content-Type: application/x-www-form-urlencoded request header.

The sample shows the POST /{{envID}}/as/authorize operation. The request includes a response_type parameter with a value of token, which designates that this authorization request, if successful, returns an access token.

The optional request property specifies a JWT that enables OIDC/OAuth2 request parameters to be passed as a single, self-contained parameter. For details on how to construct the JWT, refer to Create a request property JWT. For information on pi.template refer to Notifications Templates. For information on pi.clientContext refer to Device Authentication.

Prerequisites

Request Model

Supported parameters for an authorization request with a response_type that returns a token:

Property Type Required?

acr_values

String

Optional

client_id

String

Required

code_challenge_method

String

Optional

login_hint

String

Optional

login_hint_token

String

Optional

mobilePayload

String

Optional

max_age

String

Optional

nonce

String

Optional

prompt

String

Optional

redirect_uri

String

Required

request

String

Optional

response_mode

String

Optional

response_type

String

Required

scope

String

Optional

state

String

Optional

Refer to the OpenID Connect/OAuth2 data model for full property descriptions.

Headers

Content-Type      application/x-www-form-urlencoded

Body

urlencoded ( application/x-www-form-urlencoded )

Key Value

response_type

token

client_id

{{appID}}

redirect_uri

{{redirect_uri}}

scope

openid profile p1:read:user

nonce

{{nonce}}

Example Request

  • cURL

  • C#

  • Go

  • HTTP

  • Java

  • jQuery

  • NodeJS

  • Python

  • PHP

  • Ruby

  • Swift

curl --location --globoff '{{authPath}}/{{envID}}/as/authorize' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'response_type=token' \
--data-urlencode 'client_id={{appID}}' \
--data-urlencode 'redirect_uri={{redirect_uri}}' \
--data-urlencode 'scope=openid profile p1:read:user' \
--data-urlencode 'nonce={{nonce}}'
var options = new RestClientOptions("{{authPath}}/{{envID}}/as/authorize")
{
  MaxTimeout = -1,
};
var client = new RestClient(options);
var request = new RestRequest("", Method.Post);
request.AddHeader("Content-Type", "application/x-www-form-urlencoded");
request.AddParameter("response_type", "token");
request.AddParameter("client_id", "{{appID}}");
request.AddParameter("redirect_uri", "{{redirect_uri}}");
request.AddParameter("scope", "openid profile p1:read:user");
request.AddParameter("nonce", "{{nonce}}");
RestResponse response = await client.ExecuteAsync(request);
Console.WriteLine(response.Content);
package main

import (
  "fmt"
  "strings"
  "net/http"
  "io"
)

func main() {

  url := "{{authPath}}/{{envID}}/as/authorize"
  method := "POST"

  payload := strings.NewReader("response_type=token&client_id=%7B%7BappID%7D%7D&redirect_uri=%7B%7Bredirect_uri%7D%7D&scope=openid%20profile%20p1%3Aread%3Auser&nonce=%7B%7Bnonce%7D%7D")

  client := &http.Client {
  }
  req, err := http.NewRequest(method, url, payload)

  if err != nil {
    fmt.Println(err)
    return
  }
  req.Header.Add("Content-Type", "application/x-www-form-urlencoded")

  res, err := client.Do(req)
  if err != nil {
    fmt.Println(err)
    return
  }
  defer res.Body.Close()

  body, err := io.ReadAll(res.Body)
  if err != nil {
    fmt.Println(err)
    return
  }
  fmt.Println(string(body))
}
POST /{{envID}}/as/authorize HTTP/1.1
Host: {{authPath}}
Content-Type: application/x-www-form-urlencoded

response_type=token&client_id=%7B%7BappID%7D%7D&redirect_uri=%7B%7Bredirect_uri%7D%7D&scope=openid%20profile%20p1%3Aread%3Auser&nonce=%7B%7Bnonce%7D%7D
OkHttpClient client = new OkHttpClient().newBuilder()
  .build();
MediaType mediaType = MediaType.parse("application/x-www-form-urlencoded");
RequestBody body = RequestBody.create(mediaType, "response_type=token&client_id={{appID}}&redirect_uri={{redirect_uri}}&scope=openid profile p1:read:user&nonce={{nonce}}");
Request request = new Request.Builder()
  .url("{{authPath}}/{{envID}}/as/authorize")
  .method("POST", body)
  .addHeader("Content-Type", "application/x-www-form-urlencoded")
  .build();
Response response = client.newCall(request).execute();
var settings = {
  "url": "{{authPath}}/{{envID}}/as/authorize",
  "method": "POST",
  "timeout": 0,
  "headers": {
    "Content-Type": "application/x-www-form-urlencoded"
  },
  "data": {
    "response_type": "token",
    "client_id": "{{appID}}",
    "redirect_uri": "{{redirect_uri}}",
    "scope": "openid profile p1:read:user",
    "nonce": "{{nonce}}"
  }
};

$.ajax(settings).done(function (response) {
  console.log(response);
});
var request = require('request');
var options = {
  'method': 'POST',
  'url': '{{authPath}}/{{envID}}/as/authorize',
  'headers': {
    'Content-Type': 'application/x-www-form-urlencoded'
  },
  form: {
    'response_type': 'token',
    'client_id': '{{appID}}',
    'redirect_uri': '{{redirect_uri}}',
    'scope': 'openid profile p1:read:user',
    'nonce': '{{nonce}}'
  }
};
request(options, function (error, response) {
  if (error) throw new Error(error);
  console.log(response.body);
});
import requests

url = "{{authPath}}/{{envID}}/as/authorize"

payload = 'response_type=token&client_id=%7B%7BappID%7D%7D&redirect_uri=%7B%7Bredirect_uri%7D%7D&scope=openid%20profile%20p1%3Aread%3Auser&nonce=%7B%7Bnonce%7D%7D'
headers = {
  'Content-Type': 'application/x-www-form-urlencoded'
}

response = requests.request("POST", url, headers=headers, data=payload)

print(response.text)
<?php
require_once 'HTTP/Request2.php';
$request = new HTTP_Request2();
$request->setUrl('{{authPath}}/{{envID}}/as/authorize');
$request->setMethod(HTTP_Request2::METHOD_POST);
$request->setConfig(array(
  'follow_redirects' => TRUE
));
$request->setHeader(array(
  'Content-Type' => 'application/x-www-form-urlencoded'
));
$request->addPostParameter(array(
  'response_type' => 'token',
  'client_id' => '{{appID}}',
  'redirect_uri' => '{{redirect_uri}}',
  'scope' => 'openid profile p1:read:user',
  'nonce' => '{{nonce}}'
));
try {
  $response = $request->send();
  if ($response->getStatus() == 200) {
    echo $response->getBody();
  }
  else {
    echo 'Unexpected HTTP status: ' . $response->getStatus() . ' ' .
    $response->getReasonPhrase();
  }
}
catch(HTTP_Request2_Exception $e) {
  echo 'Error: ' . $e->getMessage();
}
require "uri"
require "net/http"

url = URI("{{authPath}}/{{envID}}/as/authorize")

http = Net::HTTP.new(url.host, url.port);
request = Net::HTTP::Post.new(url)
request["Content-Type"] = "application/x-www-form-urlencoded"
request.body = "response_type=token&client_id=%7B%7BappID%7D%7D&redirect_uri=%7B%7Bredirect_uri%7D%7D&scope=openid%20profile%20p1%3Aread%3Auser&nonce=%7B%7Bnonce%7D%7D"

response = http.request(request)
puts response.read_body
let parameters = "response_type=token&client_id=%7B%7BappID%7D%7D&redirect_uri=%7B%7Bredirect_uri%7D%7D&scope=openid%20profile%20p1%3Aread%3Auser&nonce=%7B%7Bnonce%7D%7D"
let postData =  parameters.data(using: .utf8)

var request = URLRequest(url: URL(string: "{{authPath}}/{{envID}}/as/authorize")!,timeoutInterval: Double.infinity)
request.addValue("application/x-www-form-urlencoded", forHTTPHeaderField: "Content-Type")

request.httpMethod = "POST"
request.httpBody = postData

let task = URLSession.shared.dataTask(with: request) { data, response, error in
  guard let data = data else {
    print(String(describing: error))
    return
  }
  print(String(data: data, encoding: .utf8)!)
}

task.resume()

Example Response

302 Found