PingOne Platform APIs

Configure Device Authorization Grant Flow

This activity shows you how to initiate a device authorization grant flow to send an activation code to the end user. The authorization and flow orchestration steps apply only to applications that specify device_code as a grant type in the application configuration.

The following operations are supported by the PingOne APIs:

  • Create an application

  • Create a population and a user

  • Initiate an authorize request

  • Use flow APIs to complete the flow

Prerequisites

  • Get an access token from the worker application you created in Create an admin Worker app connection. If you prefer to get a token from a different worker application in an alternate sandbox environment, run the token request endpoint using the client ID and client secret of your chosen worker app to authenticate the request. Refer to Get a PingOne admin access token.

Workflow order of operations

To configure a device authorization grant flow using the environment’s default sign-on policy, the following tasks must be completed successfully:

  1. Make a POST request to /environments/{{envID}}/applications to add a new application to the specified environment.

  2. Make a POST request to /environments/{{envID}}/populations to create a new population resource.

  3. Make a POST request to /environments/{{envID}}/users to create a user who will be assigned to the new population resource.

  4. Make a PUT request to /environments/{{envID}}/users/{{userID}}/password to set the new user’s password.

  5. Make a POST request to /{{envID}}/as/device_authorization to return the device code and the user code.

  6. Make a GET request to /{{envID}}/device to initiate authorization and return a flow ID.

  7. Make a GET request to /{{envID}}/flows/{{flowID}} to start the flow.

  8. To complete the login action, make a POST request to /{{envID}}/flows/{{flowID}} and provide the user’s login credentials.

  9. To complete the confirm activation code action, make a POST request to /{{envID}}/flows/{{flowID}} to submit the activation code.

  10. To complete the consent action, make a POST request to /{{envID}}/flows/{{flowID}} to accept the device authorization grant agreement.

  11. Make a POST request to /{{envID}}/as/token to exchange the device code for an access token.

Click the Run in Postman button below to fork, or download and import, the Postman collection for this workflow to your workspace.

Run in Postman