JSON Responses
PingOne flows use the PingOne authorize endpoint to start the flow. The authorize request must include the response_mode property set to pi.flow, which tells the authorization server to return a 200 OK response with a payload that can be either verbose (HTML and scripts to render the sign-on forms) or minimal (concise JSON responses that show the data properties and their values). Configuring your responses to return JSON gives you the flexibility to parse the response data, collect the information you need, and process it to suit your workflow.
To return JSON, the authorize request and every subsequent flow action request must include the X-Requested-With HTTP header with the value set to ping-sdk.
For example, the PingOne authorize request with X-Requested-With set to ping-sdk returns the following JSON response:
{
"interactionId": "0964a6a0...",
"connectorId": "api",
"interactionToken": "e578ecc5c0f1b...",
"success": true,
"startUiSubFlow": true,
"_links": {
"next": {
"href": "https://auth.pingone.asia/{{envID}}/davinci/connections/{{connectionInstanceID}}/capabilities/customHTMLTemplate"
}
},
"eventName": "continue",
"isResponseCompatibleWithMobileAndWebSdks": true,
"id": "65u7m8cm28",
"companyId": "424d6ac2...",
"flowId": "1041e80...",
"connectionId": "867ed4...",
"capabilityName": "customHTMLTemplate",
"formData": {
"value": {
"username": "",
"password": ""
}
},
"form": {
"name": "Sign On Form",
"description": "Prompt for username and password",
"category": "CUSTOM_HTML",
"components": {
"fields": [
{
"type": "TEXT",
"key": "username",
"label": "Username"
},
{
"type": "PASSWORD",
"key": "password",
"label": "Password"
},
{
"type": "SUBMIT_BUTTON",
"label": "Sign On",
"key": "SIGNON"
},
{
"type": "FLOW_BUTTON",
"label": "No account? Register now!",
"key": "REGISTER"
},
{
"type": "FLOW_BUTTON",
"label": "Having trouble signing on?",
"key": "TROUBLE"
}
]
}
}
}DaVinci and PingOne configuration requirements
In DaVinci, you must configure your application, the flow, and the flow policy to meet the requirements below:
-
A DaVinci application.
-
A DaVinci flow designated as a PingOne flow.
-
A DaVinci flow policy that includes the PingOne flow.
-
A PingOne OIDC application that is associated with the DaVinci flow policy.
|
For PingOne flows, in addition to defining an application in DaVinci, you must also configure a PingOne OIDC application and map it to a DaVinci flow policy ID. The PingOne application ID is the |
Flow execution
To execute a PingOne flow using APIs and receive JSON responses (instead of the usual HTML responses returned by DaVinci endpoints), follow these steps:
Step 1: Initiate the flow through a PingOne authorize request
-
Use the PingOne
/as/authorizeOIDC endpoint to initiate authorization. -
In the authorize request, set the
response_modeproperty value topi.flow. Thepi.flowvalue specifies a non-redirect flow where theredirect_uriparameter is not required and authorization response parameters are encoded as a JSON object and returned directly to the client. -
Set the
client_id(the PingOne application client ID mapped to the DaVinci flow policy), theresponse_type, andscopesproperties for the authorize request. For information about PingOne authorize endpoint properties, refer to Authorization. -
Add the
X-Requested-WithHTTP header and set the value toping-sdk. The JSON response from the authorization server returns anextlink that provides the request URL to proceed to the next step of the flow.
Step 2: Execute the next flow action
-
Use the
nextlink returned in the response (example shown below) to execute subsequent steps of the flow. For information about building thenextlink’s request body, refer to DaVinci Flow Capabilities."_links": { "next": { "href": "{{authPath}}/{{envID}}/davinci/connections/{{connectionInstanceID}}/capabilities/{{capabilityName}}" } },The capability specified by
{{capabilityName}}in thenextlink determines the action of the node in the flow. The flow uses thecustomHTMLTemplateorcustomFormcapabilities to create an HTML page (or form) to prompt for required information to complete the flow action. The flow returns the following capabilities in the response JSON, depending on the success or failure of the sign-on action:-
returnSuccessResponseRedirectIf the action is successful, this capability (returned in the response’s
nextlink) redirects to the next action in the flow. -
customErrorMessageIf the action fails, this capability returns a JSON error response.
-
-
Add the
X-Requested-WithHTTP header to eachnextrequest, and set its value toping-sdkto ensure that the response returns JSON.The APIs pause execution only at user-interactive steps, such as nodes that use the
customHTMLTemplateorcustomFormcapability.
Step 3: Complete the flow
-
On successful flow completion, the response includes the
ST-CookieandST-NO-SSsession cookies in the response headers to indicate that a session has been established. -
The response returns the
returnSuccessResponseRedirectcapability and the following JSON structure to PingOne:{ "environment" : { "id" : "6baead75..." }, "session" : { "id" : "8e918b54..." }, "authorizeResponse" : { "access_token" : "eyJraWQiOiI3YT...", "id_token" : "eyJraWQiOiI3YTVh...", "token_type" : "Bearer", "expires_in" : 3600, "scope" : "openid profile" }, "status" : "COMPLETED" }
|
The DaVinci SDK uses these APIs as a backend when the SDK is used to execute a DaVinci flow. At this time, the SDK supports only PingOne-designated DaVinci flows associated with PingOne applications that use the OpenID Connect protocol. For information and support considerations, refer to Launching a flow with a Ping SDK and Ping SDKs - DaVinci. |
DaVinci flow capabilities data model properties
| Property | Type? | Required? | Mutable? | Description |
|---|---|---|---|---|
|
Object |
N/A |
Read only |
The response from the authorization server. |
|
String |
N/A |
Read only |
The authorization code returned by the authorization server. |
|
String |
N/A |
Read only |
The company ID (same value as the PingOne environment ID). |
|
String |
N/A |
Read only |
The name of the associated capability used by the node. |
|
String |
N/A |
Read only |
The connection ID of the connector used to send the event. |
|
Object |
N/A |
Read only |
The environment object. |
|
String |
N/A |
Read only |
The environment ID. |
|
String |
N/A |
Read only |
The event name. |
|
String |
N/A |
Read only |
The flow ID. |
|
Object |
Optional |
Mutable |
The form attributes object. |
|
String |
Optional |
Mutable |
The form name. |
|
String |
Optional |
Mutable |
The form description. |
|
String |
Optional |
Mutable |
The form category. |
|
Object |
Optional |
Mutable |
The form components object. |
|
Object |
Optional |
Mutable |
The form fields object. |
|
String |
N/A |
Read only |
The resource ID. |
|
String |
N/A |
Read only |
A unique identifier for the flow execution. |
|
String |
N/A |
Read only |
The flow execution interaction token. |
|
Boolean |
N/A |
Read only |
Specifies whether the response is compatible with the mobile and web SDKs. |
|
Object |
Required |
Mutable |
The form data attributes. |
|
String |
Required |
Mutable |
The event type. Options are |
|
Object |
Required |
Mutable |
The parameter data JSON object. Options are |
|
String |
Required |
Mutable |
If the |
|
Object |
Required |
Mutable |
The form data attributes. |
|
String |
Required |
Mutable |
The form data attributes that are associated with fields in the form. |
|
Boolean |
N/A |
Read only |
Specifies whether the reset cookie feature is enabled. |
|
Object |
N/A |
Read only |
The session object. |
|
String |
N/A |
Read only |
The session ID. |
|
String |
N/A |
Read only |
The status of the DaVinci flow (for example, |
|
Object |
N/A |
Read only |
The subflow settings JSON object. |
|
Boolean |
N/A |
Read only |
Specifies whether the flow was successful. |