PingOne Initiated Flows

This scenario uses a PingOne OIDC application and a DaVinci flow designated as a PingOne flow. Flow execution is initiated by a PingOne authorize request (POST {{authPath}}/{{envID}}/as/authorize) that specifies pi.flow as the response mode and the X-Requested-With HTTP header set to ping-sdk. The flow endpoints return concise and trimmed JSON responses with only functional details. Flow execution results in a valid session. (Note: This configuration supports using the same flow for web-based user interactive and headless flow execution.)

Refer to JSON Responses for configuration details.

This scenario has similar characteristics to the one above. Flow execution is initiated by a PingOne authorize request (POST {{authPath}}/{{envID}}/as/authorize) that specifies pi.flow as the response mode. However, in this scenario, it omits the X-Requested-With HTTP header from the PingOne authorize request. The flow endpoints return verbose responses that include properties such as the frontend HTML and scripts to build the interface forms. Like the scenario above, the flow execution results in a valid session, and supports user interactive and headless flow execution.

Refer to Detailed Responses for configuration details.

You can use a PingOne OIDC external identity provider resource to call a DaVinci flow. The DaVinci flow authenticates the user and returns the flow back to PingOne to issue a token and complete the sign-on workflow.

Refer to External Identity Provider Option for configuration details.