Step 6: Submit login credentials
POST {{authPath}}/{{envID}}/flows/{{flowID}}Use POST {{authPath}}/{{envID}}/flows/{{flowID}} to respond to the USERNAME_PASSWORD_REQUIRED flow state set by the previous call to get the flow. This requires that the user initiates the usernamePassword.check action.
You need to set the application/vnd.pingidentity.usernamePassword.check+json custom media type in the Content-type HTTP request header to identify the action.
In this request:
-
{{authPath}}is the geographic regional domain to use for authentication and authorization for your PingOne environment. The PingOne top-level domain ishttps://auth.pingone.com/v1for the U.S. Refer to PingOne API domains for the top-level domains for other regions. -
{{envID}}is the environment ID for the environment you created in the prior workflow to create your test environment. -
{{flowID}}is the flow ID value returned in the Location header by the call to send an authorization request.
In the request body:
-
usernameis a String containing theusernamevalue you assigned when you created the user in Step 5: Create a user. -
passwordis a String containing the user’s password you set in Step 6: Set the user password.
If the usernamePassword.check action completes successfully, the authentication flow completes, and the user is redirected to the URL specified in the resumeUrl property in the flow resource (returned by the previous call to get the flow).
Troubleshooting
-
Verify that the
application/vnd.pingidentity.usernamePassword.check+jsoncustom media type in theContent-typeHTTP request header is correct. -
Verify that you’re submitting the correct username and password for your test user. If you’re using the Postman collection, these values are set for you automatically in this request.
-
Verify that
{{authPath}}is correct for your geographic region.
Example Request
-
cURL
-
C#
-
Go
-
HTTP
-
Java
-
jQuery
-
NodeJS
-
Python
-
PHP
-
Ruby
-
Swift
curl --location --globoff '{{authPath}}/{{envID}}/flows/{{flowID}}' \
--header 'Content-Type: application/vnd.pingidentity.usernamePassword.check+json' \
--data '{
"username": "{{solutionUsername}}",
"password": "{{userPassword}}"
}'var options = new RestClientOptions("{{authPath}}/{{envID}}/flows/{{flowID}}")
{
MaxTimeout = -1,
};
var client = new RestClient(options);
var request = new RestRequest("", Method.Post);
request.AddHeader("Content-Type", "application/vnd.pingidentity.usernamePassword.check+json");
var body = @"{" + "\n" +
@" ""username"": ""{{solutionUsername}}""," + "\n" +
@" ""password"": ""{{userPassword}}""" + "\n" +
@"}";
request.AddStringBody(body, DataFormat.Json);
RestResponse response = await client.ExecuteAsync(request);
Console.WriteLine(response.Content);package main
import (
"fmt"
"strings"
"net/http"
"io"
)
func main() {
url := "{{authPath}}/{{envID}}/flows/{{flowID}}"
method := "POST"
payload := strings.NewReader(`{
"username": "{{solutionUsername}}",
"password": "{{userPassword}}"
}`)
client := &http.Client {
}
req, err := http.NewRequest(method, url, payload)
if err != nil {
fmt.Println(err)
return
}
req.Header.Add("Content-Type", "application/vnd.pingidentity.usernamePassword.check+json")
res, err := client.Do(req)
if err != nil {
fmt.Println(err)
return
}
defer res.Body.Close()
body, err := io.ReadAll(res.Body)
if err != nil {
fmt.Println(err)
return
}
fmt.Println(string(body))
}POST /{{envID}}/flows/{{flowID}} HTTP/1.1
Host: {{authPath}}
Content-Type: application/vnd.pingidentity.usernamePassword.check+json
{
"username": "{{solutionUsername}}",
"password": "{{userPassword}}"
}OkHttpClient client = new OkHttpClient().newBuilder()
.build();
MediaType mediaType = MediaType.parse("application/vnd.pingidentity.usernamePassword.check+json");
RequestBody body = RequestBody.create(mediaType, "{\n \"username\": \"{{solutionUsername}}\",\n \"password\": \"{{userPassword}}\"\n}");
Request request = new Request.Builder()
.url("{{authPath}}/{{envID}}/flows/{{flowID}}")
.method("POST", body)
.addHeader("Content-Type", "application/vnd.pingidentity.usernamePassword.check+json")
.build();
Response response = client.newCall(request).execute();var settings = {
"url": "{{authPath}}/{{envID}}/flows/{{flowID}}",
"method": "POST",
"timeout": 0,
"headers": {
"Content-Type": "application/vnd.pingidentity.usernamePassword.check+json"
},
"data": JSON.stringify({
"username": "{{solutionUsername}}",
"password": "{{userPassword}}"
}),
};
$.ajax(settings).done(function (response) {
console.log(response);
});var request = require('request');
var options = {
'method': 'POST',
'url': '{{authPath}}/{{envID}}/flows/{{flowID}}',
'headers': {
'Content-Type': 'application/vnd.pingidentity.usernamePassword.check+json'
},
body: JSON.stringify({
"username": "{{solutionUsername}}",
"password": "{{userPassword}}"
})
};
request(options, function (error, response) {
if (error) throw new Error(error);
console.log(response.body);
});import requests
import json
url = "{{authPath}}/{{envID}}/flows/{{flowID}}"
payload = json.dumps({
"username": "{{solutionUsername}}",
"password": "{{userPassword}}"
})
headers = {
'Content-Type': 'application/vnd.pingidentity.usernamePassword.check+json'
}
response = requests.request("POST", url, headers=headers, data=payload)
print(response.text)<?php
require_once 'HTTP/Request2.php';
$request = new HTTP_Request2();
$request->setUrl('{{authPath}}/{{envID}}/flows/{{flowID}}');
$request->setMethod(HTTP_Request2::METHOD_POST);
$request->setConfig(array(
'follow_redirects' => TRUE
));
$request->setHeader(array(
'Content-Type' => 'application/vnd.pingidentity.usernamePassword.check+json'
));
$request->setBody('{\n "username": "{{solutionUsername}}",\n "password": "{{userPassword}}"\n}');
try {
$response = $request->send();
if ($response->getStatus() == 200) {
echo $response->getBody();
}
else {
echo 'Unexpected HTTP status: ' . $response->getStatus() . ' ' .
$response->getReasonPhrase();
}
}
catch(HTTP_Request2_Exception $e) {
echo 'Error: ' . $e->getMessage();
}require "uri"
require "json"
require "net/http"
url = URI("{{authPath}}/{{envID}}/flows/{{flowID}}")
http = Net::HTTP.new(url.host, url.port);
request = Net::HTTP::Post.new(url)
request["Content-Type"] = "application/vnd.pingidentity.usernamePassword.check+json"
request.body = JSON.dump({
"username": "{{solutionUsername}}",
"password": "{{userPassword}}"
})
response = http.request(request)
puts response.read_bodylet parameters = "{\n \"username\": \"{{solutionUsername}}\",\n \"password\": \"{{userPassword}}\"\n}"
let postData = parameters.data(using: .utf8)
var request = URLRequest(url: URL(string: "{{authPath}}/{{envID}}/flows/{{flowID}}")!,timeoutInterval: Double.infinity)
request.addValue("application/vnd.pingidentity.usernamePassword.check+json", forHTTPHeaderField: "Content-Type")
request.httpMethod = "POST"
request.httpBody = postData
let task = URLSession.shared.dataTask(with: request) { data, response, error in
guard let data = data else {
print(String(describing: error))
return
}
print(String(data: data, encoding: .utf8)!)
}
task.resume()Example Response
200 OK
{
"_links": {
"self": {
"href": "https://auth.pingone.com/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/flows/03afaa95-677b-4a10-a4e2-ae65a1d90c1f"
}
},
"id": "03afaa95-677b-4a10-a4e2-ae65a1d90c1f",
"session": {
"id": "b99d7486-b5a3-44ed-a9da-6ededd648373"
},
"resumeUrl": "https://auth.pingone.com/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/as/resume?flowId=03afaa95-677b-4a10-a4e2-ae65a1d90c1f",
"status": "COMPLETED",
"createdAt": "2025-04-08T16:15:38.937Z",
"expiresAt": "2025-04-08T16:31:40.195Z",
"_embedded": {
"user": {
"id": "01ff99b5-d66c-4e76-bd1c-8b241f19a19e",
"username": "solution_user_1744128988"
},
"application": {
"name": "SolutionApp_1744128926"
}
}
}