PingOne Platform APIs

DaVinci Flow Execution Sign-on

Begin in DaVinci by creating the DaVinci application, the DaVinci flow (designated as a PingOne flow), and the flow policy on the application. Refer to How to create a flow for instructions. You’ll need the DaVinci flow policy ID to define the PingOne application’s flow policy assignment property.

DaVinci flow settings configuration

DaVinci flows invoked using a PingOne authorize request require special configuration. In DaVinci, when you create your flow, on the flow’s Settings screen, you must toggle on the PingOne Flow property located on the General tab.

PingOne DaVinci flow

Setting this property indicates that the flow is a PingOne flow, enabling it to be included in PingOne flow policies and launched directly from PingOne.

PingOne endpoints

This activity shows you how to create a PingOne application, find and associate a DaVinci flow policy with the application, and initiate the flow using a PingOne authorize request. The authorize request sets the response_mode property to pi.flow, which tells the authorization server to return data, instead of a redirect URL. In addition, the authorize request sets the X-Requested-With HTTP header with a value of ping-sdk to return JSON instead of HTML (and scripts).

For information on setting a DaVinci flow to take advantage of this configuration option, refer to Launching a flow with a Ping SDK.
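
The authorize request described above, as an added example that is not part of the PingOne documentation: it builds (without sending) the POST to /{{envID}}/as/authorize and checks that a response is the JSON data that pi.flow should produce rather than a redirect or HTML. The auth.pingone.com host, the function names, and the response_type, client_id, redirect_uri, scope and state form fields are assumptions based on standard OAuth 2.0 usage; all sample values are constructed.

```python
import json
import secrets
from urllib.parse import urlencode
from urllib.request import Request

# Assumption: auth host for the environment's region; substitute your own.
AUTH_BASE = "https://auth.pingone.com"


def build_authorize_request(env_id, client_id, redirect_uri, scope="openid"):
    """Return (Request, state) for POST /{envID}/as/authorize using pi.flow."""
    state = secrets.token_urlsafe(16)  # unpredictable value to bind the response
    form = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": scope,
        "response_mode": "pi.flow",  # return data instead of a redirect URL
        "state": state,
    }
    req = Request(
        f"{AUTH_BASE}/{env_id}/as/authorize",
        data=urlencode(form).encode(),
        method="POST",
        headers={
            "Content-Type": "application/x-www-form-urlencoded",
            "X-Requested-With": "ping-sdk",  # ask for JSON, not HTML and scripts
        },
    )
    return req, state


def check_flow_response(status, headers, body):
    """Accept only a non-redirect JSON object; raise ValueError otherwise."""
    h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    if 300 <= status < 400 or "location" in h:
        raise ValueError("got a redirect; response_mode=pi.flow was not honoured")
    ctype = h.get("content-type", "").split(";")[0].strip().lower()
    if ctype != "application/json":
        raise ValueError(f"expected JSON, got {ctype or 'no content type'}")
    data = json.loads(body)
    if not isinstance(data, dict):
        raise ValueError("expected a JSON object")
    return data


if __name__ == "__main__":
    # Constructed identifiers, for illustration only.
    req, state = build_authorize_request("env-123", "app-456", "https://app.example/cb")
    print(req.get_method(), req.full_url, req.data.decode(), sep="\n")
```
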

This scenario illustrates the following common operations supported by the PingOne APIs:

  • Create the application.

  • Assign a DaVinci flow policy to the application.

  • Create the PingOne authorize request.

  • Configure the DaVinci flow endpoints to complete the authentication steps.

  • Call the PingOne token request to get an access token.

To create the application and flow policy, the following tasks must be completed successfully:

  1. Make a POST request to /environments/{{envID}}/applications to add a new application to the specified environment.

  2. Make a GET request to /environments/{{envID}}/flowPolicies to return the list of DaVinci flow policies that can be associated with the PingOne application.

  3. Make a POST request to /environments/{{envID}}/applications/{{appID}}/flowPolicyAssignments to assign a DaVinci flow policy to the application.

  4. Make a POST request to /environments/{{envID}}/populations to create a population for the new user.

  5. Make a POST request to /environments/{{envID}}/users to create a new user.

  6. Make a PUT request to /environments/{{envID}}/users/{{userID}}/password to set the password for the new user.

  7. Make a POST request to /{{envID}}/as/authorize to obtain an authorization grant. This request starts the authorization flow using the DaVinci flow policy you assigned to the PingOne application.

  8. Make a POST request to /{{envID}}/davinci/connections/{{connectionID}}/capabilities/{{capabilityName}} to start the flow steps defined in the DaVinci flow policy you assigned to the PingOne application.

  9. Make a GET request to /{{envID}}/applications/{{appID}}/secret to get the application’s secret.

  10. Make a POST request to /{{envID}}/as/token to exchange the auth code returned by the flow for an access token.

Click the Run in Postman button below to fork, or download and import, the Postman collection for this workflow to your workspace.