Pushed Authorization Request (CLIENT_SECRET_POST)

POST {{authPath}}/{{envID}}/as/par

For applications in which the tokenEndpointAuthMethod is set to CLIENT_SECRET_POST, the request does not need an Authorization header, and the client_id and client_secret property values are submitted in the request body.

Prerequisites

Refer to OpenID Connect/OAuth 2 for important overview information.
Create an application to get an appID. Refer to Application Operations. Run Read All Applications to find an existing application.
Run Read All Templates to find a templateName.
Run Read All Contents to find a variantName.

Request Model

Property Type Required?

Property	Type	Required?
`acr_values`	String	Optional
`client_id`	String	Required
`code_challenge_method`	String	Optional
`login_hint`	String	Optional
`mobilePayload`	String	Optional
`max_age`	String	Optional
`nonce`	String	Optional
`prompt`	String	Optional
`redirect_uri`	String	Required
`request`	String	Optional
`response_mode`	String	Optional
`response_type`	String	Required
`scope`	String	Optional
`state`	String	Optional

acr_values

String

Optional

client_id

String

Required

code_challenge_method

String

Optional

login_hint

String

Optional

mobilePayload

String

Optional

max_age

String

Optional

nonce

String

Optional

prompt

String

Optional

redirect_uri

String

Required

request

String

Optional

response_mode

String

Optional

response_type

String

Required

scope

String

Optional

state

String

Optional

Refer to the OpenID Connect/OAuth2 data model for full property descriptions.

Headers

Content-Type application/x-www-form-urlencoded

Body

urlencoded ( application/x-www-form-urlencoded )

Key	Value
response_type	token
client_id	{{appID}}
redirect_uri	{{redirect_uri}}
scope	openid
client_secret	{{appSecret}}

Key

Value

response_type

token

client_id

redirect_uri

scope

openid

client_secret

Example Request

curl --location --globoff '{{authPath}}/{{envID}}/as/par' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'response_type=token' \
--data-urlencode 'client_id={{appID}}' \
--data-urlencode 'redirect_uri={{redirect_uri}}' \
--data-urlencode 'scope=openid' \
--data-urlencode 'client_secret={{appSecret}}'

var options = new RestClientOptions("{{authPath}}/{{envID}}/as/par")
{
  MaxTimeout = -1,
};
var client = new RestClient(options);
var request = new RestRequest("", Method.Post);
request.AddHeader("Content-Type", "application/x-www-form-urlencoded");
request.AddParameter("response_type", "token");
request.AddParameter("client_id", "{{appID}}");
request.AddParameter("redirect_uri", "{{redirect_uri}}");
request.AddParameter("scope", "openid");
request.AddParameter("client_secret", "{{appSecret}}");
RestResponse response = await client.ExecuteAsync(request);
Console.WriteLine(response.Content);

package main

import (
  "fmt"
  "strings"
  "net/http"
  "io"
)

func main() {

  url := "{{authPath}}/{{envID}}/as/par"
  method := "POST"

  payload := strings.NewReader("response_type=token&client_id=%7B%7BappID%7D%7D&redirect_uri=%7B%7Bredirect_uri%7D%7D&scope=openid&client_secret=%7B%7BappSecret%7D%7D")

  client := &http.Client {
  }
  req, err := http.NewRequest(method, url, payload)

  if err != nil {
    fmt.Println(err)
    return
  }
  req.Header.Add("Content-Type", "application/x-www-form-urlencoded")

  res, err := client.Do(req)
  if err != nil {
    fmt.Println(err)
    return
  }
  defer res.Body.Close()

  body, err := io.ReadAll(res.Body)
  if err != nil {
    fmt.Println(err)
    return
  }
  fmt.Println(string(body))
}

POST /{{envID}}/as/par HTTP/1.1
Host: {{authPath}}
Content-Type: application/x-www-form-urlencoded

response_type=token&client_id=%7B%7BappID%7D%7D&redirect_uri=%7B%7Bredirect_uri%7D%7D&scope=openid&client_secret=%7B%7BappSecret%7D%7D

OkHttpClient client = new OkHttpClient().newBuilder()
  .build();
MediaType mediaType = MediaType.parse("application/x-www-form-urlencoded");
RequestBody body = RequestBody.create(mediaType, "response_type=token&client_id={{appID}}&redirect_uri={{redirect_uri}}&scope=openid&client_secret={{appSecret}}");
Request request = new Request.Builder()
  .url("{{authPath}}/{{envID}}/as/par")
  .method("POST", body)
  .addHeader("Content-Type", "application/x-www-form-urlencoded")
  .build();
Response response = client.newCall(request).execute();

var settings = {
  "url": "{{authPath}}/{{envID}}/as/par",
  "method": "POST",
  "timeout": 0,
  "headers": {
    "Content-Type": "application/x-www-form-urlencoded"
  },
  "data": {
    "response_type": "token",
    "client_id": "{{appID}}",
    "redirect_uri": "{{redirect_uri}}",
    "scope": "openid",
    "client_secret": "{{appSecret}}"
  }
};

$.ajax(settings).done(function (response) {
  console.log(response);
});

var request = require('request');
var options = {
  'method': 'POST',
  'url': '{{authPath}}/{{envID}}/as/par',
  'headers': {
    'Content-Type': 'application/x-www-form-urlencoded'
  },
  form: {
    'response_type': 'token',
    'client_id': '{{appID}}',
    'redirect_uri': '{{redirect_uri}}',
    'scope': 'openid',
    'client_secret': '{{appSecret}}'
  }
};
request(options, function (error, response) {
  if (error) throw new Error(error);
  console.log(response.body);
});

import requests

url = "{{authPath}}/{{envID}}/as/par"

payload = 'response_type=token&client_id=%7B%7BappID%7D%7D&redirect_uri=%7B%7Bredirect_uri%7D%7D&scope=openid&client_secret=%7B%7BappSecret%7D%7D'
headers = {
  'Content-Type': 'application/x-www-form-urlencoded'
}

response = requests.request("POST", url, headers=headers, data=payload)

print(response.text)

<?php
require_once 'HTTP/Request2.php';
$request = new HTTP_Request2();
$request->setUrl('{{authPath}}/{{envID}}/as/par');
$request->setMethod(HTTP_Request2::METHOD_POST);
$request->setConfig(array(
  'follow_redirects' => TRUE
));
$request->setHeader(array(
  'Content-Type' => 'application/x-www-form-urlencoded'
));
$request->addPostParameter(array(
  'response_type' => 'token',
  'client_id' => '{{appID}}',
  'redirect_uri' => '{{redirect_uri}}',
  'scope' => 'openid',
  'client_secret' => '{{appSecret}}'
));
try {
  $response = $request->send();
  if ($response->getStatus() == 200) {
    echo $response->getBody();
  }
  else {
    echo 'Unexpected HTTP status: ' . $response->getStatus() . ' ' .
    $response->getReasonPhrase();
  }
}
catch(HTTP_Request2_Exception $e) {
  echo 'Error: ' . $e->getMessage();
}

require "uri"
require "net/http"

url = URI("{{authPath}}/{{envID}}/as/par")

http = Net::HTTP.new(url.host, url.port);
request = Net::HTTP::Post.new(url)
request["Content-Type"] = "application/x-www-form-urlencoded"
request.body = "response_type=token&client_id=%7B%7BappID%7D%7D&redirect_uri=%7B%7Bredirect_uri%7D%7D&scope=openid&client_secret=%7B%7BappSecret%7D%7D"

response = http.request(request)
puts response.read_body

let parameters = "response_type=token&client_id=%7B%7BappID%7D%7D&redirect_uri=%7B%7Bredirect_uri%7D%7D&scope=openid&client_secret=%7B%7BappSecret%7D%7D"
let postData =  parameters.data(using: .utf8)

var request = URLRequest(url: URL(string: "{{authPath}}/{{envID}}/as/par")!,timeoutInterval: Double.infinity)
request.addValue("application/x-www-form-urlencoded", forHTTPHeaderField: "Content-Type")

request.httpMethod = "POST"
request.httpBody = postData

let task = URLSession.shared.dataTask(with: request) { data, response, error in
  guard let data = data else {
    print(String(describing: error))
    return
  }
  print(String(data: data, encoding: .utf8)!)
}

task.resume()

Example Response

201 Created

{
    "request_uri": "urn:ietf:params:oauth:request_uri:03669195-99bc-410d-af5d-a0f125eea9b6",
    "expires_in": 60
}

PingOne Platform APIs

Pushed Authorization Request (CLIENT_SECRET_POST)

Prerequisites

Headers

Body

Example Request

Example Response