PingOne Platform APIs

Step 4: Send an authorization request

GET {{authPath}}/{{envID}}/as/authorize?response_type=code&client_id={{solutionAppID}}&redirect_uri=http://localhost:3000/callback&scope=openid

Use the GET {{authPath}}/{{envID}}/as/authorize operation to send an authorization request to the PingOne authorization server. This step queries the authorization server, and returns the flow ID in the Location header that’s required to initiate the sign-on flow.

For Postman users, you’ll need to disable the Automatically follow redirects option in the Settings tab. Otherwise, a successful request will return 200 OK, and the HTML for the redirect URI.

In this request:

  • {{authPath}} is the geographic regional domain to use for authentication and authorization for your PingOne environment. The PingOne top-level domain is https://auth.pingone.com/v1 for the U.S. Refer to PingOne API domains for the top-level domains for other regions.

  • {{envID}} is the environment ID for the environment you created in the prior workflow to create your test environment.

These request query parameters are required:

  • response_type needs a value of code to correspond to the responseTypes value you set when creating the Web application in a prior step.

  • client_id is the application ID returned when you created the Web application in a prior step. This is represented by the value of the {{solutionAppID}} Postman variable written automatically to your Postman environment.

  • redirect_uri is one of the redirect URIs that you set when you created the Web application in a prior step.

  • scope needs to be the OpenID Connect (OIDC) openid user claim that will be included in the token.

When successful, the request returns a Status: 302 Location message with no response body.

The response includes a URL in the Location header value that includes a flow ID, similar to this: Location: http://example.com?environmentId=5caa81af-ec05-41ff-a709-c7378007a99c&flowId=acfa3223-aa05-49d5-bab2-b03dc019bb5f

You can verify the response by opening the Location header URL in a private browser window, and signing on with the user and password credentials you created in the previous workflow to create a test environment. The redirect_uri property is set to "http://localhost:3000/callback", so the sign on operation to PingOne won’t complete.

Troubleshooting

  • Verify that {{envID}} is the ID for the new test environment you created.

  • Verify that you’ve set the variables used in the request body correctly.

  • For Postman users, if 200 OK is returned instead of a Status: 302 Location message with no response body, ensure you’ve disabled the Automatically follow redirects option in the Settings tab.

  • If you get a 401 Unauthorized message, this is likely due to the access token expiring (a 1 hour expiry time). Refer to the step to get an access token, and call this request again.

  • Verify that {{authPath}} is correct for your geographic region.

Example Request

  • cURL

  • C#

  • Go

  • HTTP

  • Java

  • jQuery

  • NodeJS

  • Python

  • PHP

  • Ruby

  • Swift

curl --location --globoff '{{authPath}}/{{envID}}/as/authorize?response_type=code&client_id={{solutionAppID}}&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fcallback&scope=openid'
var options = new RestClientOptions("{{authPath}}/{{envID}}/as/authorize?response_type=code&client_id={{solutionAppID}}&redirect_uri=http://localhost:3000/callback&scope=openid")
{
  MaxTimeout = -1,
};
var client = new RestClient(options);
var request = new RestRequest("", Method.Get);
RestResponse response = await client.ExecuteAsync(request);
Console.WriteLine(response.Content);
package main

import (
  "fmt"
  "net/http"
  "io"
)

func main() {

  url := "{{authPath}}/{{envID}}/as/authorize?response_type=code&client_id={{solutionAppID}}&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fcallback&scope=openid"
  method := "GET"

  client := &http.Client {
  }
  req, err := http.NewRequest(method, url, nil)

  if err != nil {
    fmt.Println(err)
    return
  }
  res, err := client.Do(req)
  if err != nil {
    fmt.Println(err)
    return
  }
  defer res.Body.Close()

  body, err := io.ReadAll(res.Body)
  if err != nil {
    fmt.Println(err)
    return
  }
  fmt.Println(string(body))
}
GET /{{envID}}/as/authorize?response_type=code&client_id={{solutionAppID}}&redirect_uri=http://localhost:3000/callback&scope=openid HTTP/1.1
Host: {{authPath}}
OkHttpClient client = new OkHttpClient().newBuilder()
  .build();
MediaType mediaType = MediaType.parse("text/plain");
RequestBody body = RequestBody.create(mediaType, "");
Request request = new Request.Builder()
  .url("{{authPath}}/{{envID}}/as/authorize?response_type=code&client_id={{solutionAppID}}&redirect_uri=http://localhost:3000/callback&scope=openid")
  .method("GET", body)
  .build();
Response response = client.newCall(request).execute();
var settings = {
  "url": "{{authPath}}/{{envID}}/as/authorize?response_type=code&client_id={{solutionAppID}}&redirect_uri=http://localhost:3000/callback&scope=openid",
  "method": "GET",
  "timeout": 0,
};

$.ajax(settings).done(function (response) {
  console.log(response);
});
var request = require('request');
var options = {
  'method': 'GET',
  'url': '{{authPath}}/{{envID}}/as/authorize?response_type=code&client_id={{solutionAppID}}&redirect_uri=http://localhost:3000/callback&scope=openid',
  'headers': {
  }
};
request(options, function (error, response) {
  if (error) throw new Error(error);
  console.log(response.body);
});
import requests

url = "{{authPath}}/{{envID}}/as/authorize?response_type=code&client_id={{solutionAppID}}&redirect_uri=http://localhost:3000/callback&scope=openid"

payload = {}
headers = {}

response = requests.request("GET", url, headers=headers, data=payload)

print(response.text)
<?php
require_once 'HTTP/Request2.php';
$request = new HTTP_Request2();
$request->setUrl('{{authPath}}/{{envID}}/as/authorize?response_type=code&client_id={{solutionAppID}}&redirect_uri=http://localhost:3000/callback&scope=openid');
$request->setMethod(HTTP_Request2::METHOD_GET);
$request->setConfig(array(
  'follow_redirects' => TRUE
));
try {
  $response = $request->send();
  if ($response->getStatus() == 200) {
    echo $response->getBody();
  }
  else {
    echo 'Unexpected HTTP status: ' . $response->getStatus() . ' ' .
    $response->getReasonPhrase();
  }
}
catch(HTTP_Request2_Exception $e) {
  echo 'Error: ' . $e->getMessage();
}
require "uri"
require "net/http"

url = URI("{{authPath}}/{{envID}}/as/authorize?response_type=code&client_id={{solutionAppID}}&redirect_uri=http://localhost:3000/callback&scope=openid")

http = Net::HTTP.new(url.host, url.port);
request = Net::HTTP::Get.new(url)

response = http.request(request)
puts response.read_body
var request = URLRequest(url: URL(string: "{{authPath}}/{{envID}}/as/authorize?response_type=code&client_id={{solutionAppID}}&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fcallback&scope=openid")!,timeoutInterval: Double.infinity)
request.httpMethod = "GET"

let task = URLSession.shared.dataTask(with: request) { data, response, error in
  guard let data = data else {
    print(String(describing: error))
    return
  }
  print(String(data: data, encoding: .utf8)!)
}

task.resume()

Example Response

302 Moved Temporarily