PingOne Platform APIs

Step 5: Send the authorize request

   

GET {{authPath}}/{{envID}}/as/authorize?response_type=code&client_id={{SPAppWithAuthCodeGrantID}}&redirect_uri=https://example.com&scope=openid&code_challenge={{code_challenge}}&code_challenge_method=S256

The PingOne authorization endpoint /{{envID}}/as/authorize is used to interact with the resource owner and obtain an authorization grant. The authorization request must include values for the following properties:

  • client_id

    A string that specifies the application’s UUID, which was returned in Step 1.

  • response_type

    A string that specifies the code or token type returned by an authorization request. For this activity, the value is token.

  • redirect_uri

    A string that specifies the URL that specifies the return entry point of the application. The redirect_uri property value defined in Step 1 is https://example.com.

  • scope

    A string that specifies permissions that determine the resources that the application can access.

  • code_challenge

    A value computed from the code_verifier property that is used in a PKCE authorization request.

  • code_challenge_method

    The computation logic used to generate the code_challenge string. The token endpoint uses this method to verify the code_verifier for PKCE authorization requests. Options are: plain and S256.

If you use the Postman collection, this request includes a pre-request script that creates the PKCE code_verifier and code_challenge strings and writes these values to your Postman environment. If you do not use the Postman collection, you can use the PingOne PKCE Code Generator application to obtain these strings.

The response returns a 302 message with a flowID embedded in the Location header, which specifies that a call should be made to another resource to continue the authentication flow. The Location header looks like this:

Location: https://apps.pingone.com/5caa81af-ec05-41ff-a709-c7378007a99c/signon/?flowId=03e52d0a-c55a-4807-889b-cd14f74ec4c5

If this call fails to return a 302 HTTP Status, for a possible solution refer to Configuring and managing Postman.

When the flow finishes, it returns an access token.

Example Request

  • cURL

  • C#

  • Go

  • HTTP

  • Java

  • jQuery

  • NodeJS

  • Python

  • PHP

  • Ruby

  • Swift

curl --location --globoff '{{authPath}}/{{envID}}/as/authorize?response_type=code&client_id={{SPAppWithAuthCodeGrantID}}&redirect_uri=https%3A%2F%2Fexample.com&scope=openid&code_challenge={{code_challenge}}&code_challenge_method=S256'
var options = new RestClientOptions("{{authPath}}/{{envID}}/as/authorize?response_type=code&client_id={{SPAppWithAuthCodeGrantID}}&redirect_uri=https://example.com&scope=openid&code_challenge={{code_challenge}}&code_challenge_method=S256")
{
  MaxTimeout = -1,
};
var client = new RestClient(options);
var request = new RestRequest("", Method.Get);
RestResponse response = await client.ExecuteAsync(request);
Console.WriteLine(response.Content);
package main

import (
  "fmt"
  "net/http"
  "io"
)

func main() {

  url := "{{authPath}}/{{envID}}/as/authorize?response_type=code&client_id={{SPAppWithAuthCodeGrantID}}&redirect_uri=https%3A%2F%2Fexample.com&scope=openid&code_challenge={{code_challenge}}&code_challenge_method=S256"
  method := "GET"

  client := &http.Client {
  }
  req, err := http.NewRequest(method, url, nil)

  if err != nil {
    fmt.Println(err)
    return
  }
  res, err := client.Do(req)
  if err != nil {
    fmt.Println(err)
    return
  }
  defer res.Body.Close()

  body, err := io.ReadAll(res.Body)
  if err != nil {
    fmt.Println(err)
    return
  }
  fmt.Println(string(body))
}
GET /{{envID}}/as/authorize?response_type=code&client_id={{SPAppWithAuthCodeGrantID}}&redirect_uri=https://example.com&scope=openid&code_challenge={{code_challenge}}&code_challenge_method=S256 HTTP/1.1
Host: {{authPath}}
OkHttpClient client = new OkHttpClient().newBuilder()
  .build();
MediaType mediaType = MediaType.parse("text/plain");
RequestBody body = RequestBody.create(mediaType, "");
Request request = new Request.Builder()
  .url("{{authPath}}/{{envID}}/as/authorize?response_type=code&client_id={{SPAppWithAuthCodeGrantID}}&redirect_uri=https://example.com&scope=openid&code_challenge={{code_challenge}}&code_challenge_method=S256")
  .method("GET", body)
  .build();
Response response = client.newCall(request).execute();
var settings = {
  "url": "{{authPath}}/{{envID}}/as/authorize?response_type=code&client_id={{SPAppWithAuthCodeGrantID}}&redirect_uri=https://example.com&scope=openid&code_challenge={{code_challenge}}&code_challenge_method=S256",
  "method": "GET",
  "timeout": 0,
};

$.ajax(settings).done(function (response) {
  console.log(response);
});
var request = require('request');
var options = {
  'method': 'GET',
  'url': '{{authPath}}/{{envID}}/as/authorize?response_type=code&client_id={{SPAppWithAuthCodeGrantID}}&redirect_uri=https://example.com&scope=openid&code_challenge={{code_challenge}}&code_challenge_method=S256',
  'headers': {
  }
};
request(options, function (error, response) {
  if (error) throw new Error(error);
  console.log(response.body);
});
import requests

url = "{{authPath}}/{{envID}}/as/authorize?response_type=code&client_id={{SPAppWithAuthCodeGrantID}}&redirect_uri=https://example.com&scope=openid&code_challenge={{code_challenge}}&code_challenge_method=S256"

payload = {}
headers = {

}

response = requests.request("GET", url, headers=headers, data=payload)

print(response.text)
<?php
require_once 'HTTP/Request2.php';
$request = new HTTP_Request2();
$request->setUrl('{{authPath}}/{{envID}}/as/authorize?response_type=code&client_id={{SPAppWithAuthCodeGrantID}}&redirect_uri=https://example.com&scope=openid&code_challenge={{code_challenge}}&code_challenge_method=S256');
$request->setMethod(HTTP_Request2::METHOD_GET);
$request->setConfig(array(
  'follow_redirects' => TRUE
));
$request->setHeader(array(

));
try {
  $response = $request->send();
  if ($response->getStatus() == 200) {
    echo $response->getBody();
  }
  else {
    echo 'Unexpected HTTP status: ' . $response->getStatus() . ' ' .
    $response->getReasonPhrase();
  }
}
catch(HTTP_Request2_Exception $e) {
  echo 'Error: ' . $e->getMessage();
}
require "uri"
require "net/http"

url = URI("{{authPath}}/{{envID}}/as/authorize?response_type=code&client_id={{SPAppWithAuthCodeGrantID}}&redirect_uri=https://example.com&scope=openid&code_challenge={{code_challenge}}&code_challenge_method=S256")

http = Net::HTTP.new(url.host, url.port);
request = Net::HTTP::Get.new(url)

response = http.request(request)
puts response.read_body
var request = URLRequest(url: URL(string: "{{authPath}}/{{envID}}/as/authorize?response_type=code&client_id={{SPAppWithAuthCodeGrantID}}&redirect_uri=https%3A%2F%2Fexample.com&scope=openid&code_challenge={{code_challenge}}&code_challenge_method=S256")!,timeoutInterval: Double.infinity)
request.httpMethod = "GET"

let task = URLSession.shared.dataTask(with: request) { data, response, error in
  guard let data = data else {
    print(String(describing: error))
    return
  }
  print(String(data: data, encoding: .utf8)!)
}

task.resume()

Example Response

302 Moved Temporarily