PingOne Platform APIs

Step 7: Send a PingOne authorization request

POST {{authPath}}/{{envID}}/as/authorize

This example shows the GET /{{envID}}/as/authorize operation to send an authorization request to the PingOne authorization server.

For authorization and flow requests, the PingOne endpoint domain is https://auth.pingone.com/ for North America.

In this request:

  • {{envID}} represents your environment ID.

  • response_mode must be set to pi.flow to specify that this is a non-redirect flow.

  • response_type here has a value of code. In other cases, it can be token, id_token, or a combination of these.

  • client_id is the ID of the PingOne application that you created in a prior step.

  • redirect_uri identifies the redirect URI that you specified when you created the PingOne application.

  • scope specifies the OpenID Connect (OIDC) user claims are included in the token.

  • code_challenge specifies the value computed from the code_verifier property that is used in a PKCE authorization request.

  • code_challenge_method specifies the computation logic used to generate the code_challenge string. The token endpoint uses this method to verify the code_verifier for PKCE authorization requests. Options are: plain and S256.

  • The request returns a 200 message when successful. The response body returns JSON instead of HTML.

If you’re using the accompanying Postman collection to test this workflow, this request includes a pre-request script to create the code_verifier and code_challenge values you’ll need to authentication the token request. If you are not using our Postman collection, refer to the PingOne PKCE Code Generator tool to assist in creating these values.

To return JSON instead of HTML in the authorization response, this request includes an optional X-Requested-With HTTP header with its value set to ping-sdk.

Headers

Content-Type      application/x-www-form-urlencoded

X-Requested-With      ping-sdk

Body

urlencoded ( application/x-www-form-urlencoded )

Key Value

response_type

code

client_id

{{dvPiFlowAppID}}

redirect_uri

https://example.com

scope

openid

response_mode

pi.flow

code_challenge

{{code_challenge}}

code_challenge_method

S256

Example Request

  • cURL

  • C#

  • Go

  • HTTP

  • Java

  • jQuery

  • NodeJS

  • Python

  • PHP

  • Ruby

  • Swift

curl --location --globoff '{{authPath}}/{{envID}}/as/authorize' \
--header 'X-Requested-With: ping-sdk' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'response_type=code' \
--data-urlencode 'client_id={{dvPiFlowAppID}}' \
--data-urlencode 'redirect_uri=https://example.com' \
--data-urlencode 'scope=openid' \
--data-urlencode 'response_mode=pi.flow' \
--data-urlencode 'code_challenge={{code_challenge}}' \
--data-urlencode 'code_challenge_method=S256'
var options = new RestClientOptions("{{authPath}}/{{envID}}/as/authorize")
{
  MaxTimeout = -1,
};
var client = new RestClient(options);
var request = new RestRequest("", Method.Post);
request.AddHeader("X-Requested-With", "ping-sdk");
request.AddHeader("Content-Type", "application/x-www-form-urlencoded");
request.AddParameter("response_type", "code");
request.AddParameter("client_id", "{{dvPiFlowAppID}}");
request.AddParameter("redirect_uri", "https://example.com");
request.AddParameter("scope", "openid");
request.AddParameter("response_mode", "pi.flow");
request.AddParameter("code_challenge", "{{code_challenge}}");
request.AddParameter("code_challenge_method", "S256");
RestResponse response = await client.ExecuteAsync(request);
Console.WriteLine(response.Content);
package main

import (
  "fmt"
  "strings"
  "net/http"
  "io"
)

func main() {

  url := "{{authPath}}/{{envID}}/as/authorize"
  method := "POST"

  payload := strings.NewReader("response_type=code&client_id=%7B%7BdvPiFlowAppID%7D%7D&redirect_uri=https%3A%2F%2Fexample.com&scope=openid&response_mode=pi.flow&code_challenge=%7B%7Bcode_challenge%7D%7D&code_challenge_method=S256")

  client := &http.Client {
  }
  req, err := http.NewRequest(method, url, payload)

  if err != nil {
    fmt.Println(err)
    return
  }
  req.Header.Add("X-Requested-With", "ping-sdk")
  req.Header.Add("Content-Type", "application/x-www-form-urlencoded")

  res, err := client.Do(req)
  if err != nil {
    fmt.Println(err)
    return
  }
  defer res.Body.Close()

  body, err := io.ReadAll(res.Body)
  if err != nil {
    fmt.Println(err)
    return
  }
  fmt.Println(string(body))
}
POST /{{envID}}/as/authorize HTTP/1.1
Host: {{authPath}}
X-Requested-With: ping-sdk
Content-Type: application/x-www-form-urlencoded

response_type=code&client_id=%7B%7BdvPiFlowAppID%7D%7D&redirect_uri=https%3A%2F%2Fexample.com&scope=openid&response_mode=pi.flow&code_challenge=%7B%7Bcode_challenge%7D%7D&code_challenge_method=S256
OkHttpClient client = new OkHttpClient().newBuilder()
  .build();
MediaType mediaType = MediaType.parse("application/x-www-form-urlencoded");
RequestBody body = RequestBody.create(mediaType, "response_type=code&client_id={{dvPiFlowAppID}}&redirect_uri=https://example.com&scope=openid&response_mode=pi.flow&code_challenge={{code_challenge}}&code_challenge_method=S256");
Request request = new Request.Builder()
  .url("{{authPath}}/{{envID}}/as/authorize")
  .method("POST", body)
  .addHeader("X-Requested-With", "ping-sdk")
  .addHeader("Content-Type", "application/x-www-form-urlencoded")
  .build();
Response response = client.newCall(request).execute();
var settings = {
  "url": "{{authPath}}/{{envID}}/as/authorize",
  "method": "POST",
  "timeout": 0,
  "headers": {
    "X-Requested-With": "ping-sdk",
    "Content-Type": "application/x-www-form-urlencoded"
  },
  "data": {
    "response_type": "code",
    "client_id": "{{dvPiFlowAppID}}",
    "redirect_uri": "https://example.com",
    "scope": "openid",
    "response_mode": "pi.flow",
    "code_challenge": "{{code_challenge}}",
    "code_challenge_method": "S256"
  }
};

$.ajax(settings).done(function (response) {
  console.log(response);
});
var request = require('request');
var options = {
  'method': 'POST',
  'url': '{{authPath}}/{{envID}}/as/authorize',
  'headers': {
    'X-Requested-With': 'ping-sdk',
    'Content-Type': 'application/x-www-form-urlencoded'
  },
  form: {
    'response_type': 'code',
    'client_id': '{{dvPiFlowAppID}}',
    'redirect_uri': 'https://example.com',
    'scope': 'openid',
    'response_mode': 'pi.flow',
    'code_challenge': '{{code_challenge}}',
    'code_challenge_method': 'S256'
  }
};
request(options, function (error, response) {
  if (error) throw new Error(error);
  console.log(response.body);
});
import requests

url = "{{authPath}}/{{envID}}/as/authorize"

payload = 'response_type=code&client_id=%7B%7BdvPiFlowAppID%7D%7D&redirect_uri=https%3A%2F%2Fexample.com&scope=openid&response_mode=pi.flow&code_challenge=%7B%7Bcode_challenge%7D%7D&code_challenge_method=S256'
headers = {
  'X-Requested-With': 'ping-sdk',
  'Content-Type': 'application/x-www-form-urlencoded'
}

response = requests.request("POST", url, headers=headers, data=payload)

print(response.text)
<?php
require_once 'HTTP/Request2.php';
$request = new HTTP_Request2();
$request->setUrl('{{authPath}}/{{envID}}/as/authorize');
$request->setMethod(HTTP_Request2::METHOD_POST);
$request->setConfig(array(
  'follow_redirects' => TRUE
));
$request->setHeader(array(
  'X-Requested-With' => 'ping-sdk',
  'Content-Type' => 'application/x-www-form-urlencoded'
));
$request->addPostParameter(array(
  'response_type' => 'code',
  'client_id' => '{{dvPiFlowAppID}}',
  'redirect_uri' => 'https://example.com',
  'scope' => 'openid',
  'response_mode' => 'pi.flow',
  'code_challenge' => '{{code_challenge}}',
  'code_challenge_method' => 'S256'
));
try {
  $response = $request->send();
  if ($response->getStatus() == 200) {
    echo $response->getBody();
  }
  else {
    echo 'Unexpected HTTP status: ' . $response->getStatus() . ' ' .
    $response->getReasonPhrase();
  }
}
catch(HTTP_Request2_Exception $e) {
  echo 'Error: ' . $e->getMessage();
}
require "uri"
require "net/http"

url = URI("{{authPath}}/{{envID}}/as/authorize")

http = Net::HTTP.new(url.host, url.port);
request = Net::HTTP::Post.new(url)
request["X-Requested-With"] = "ping-sdk"
request["Content-Type"] = "application/x-www-form-urlencoded"
request.body = "response_type=code&client_id=%7B%7BdvPiFlowAppID%7D%7D&redirect_uri=https%3A%2F%2Fexample.com&scope=openid&response_mode=pi.flow&code_challenge=%7B%7Bcode_challenge%7D%7D&code_challenge_method=S256"

response = http.request(request)
puts response.read_body
let parameters = "response_type=code&client_id=%7B%7BdvPiFlowAppID%7D%7D&redirect_uri=https%3A%2F%2Fexample.com&scope=openid&response_mode=pi.flow&code_challenge=%7B%7Bcode_challenge%7D%7D&code_challenge_method=S256"
let postData =  parameters.data(using: .utf8)

var request = URLRequest(url: URL(string: "{{authPath}}/{{envID}}/as/authorize")!,timeoutInterval: Double.infinity)
request.addValue("ping-sdk", forHTTPHeaderField: "X-Requested-With")
request.addValue("application/x-www-form-urlencoded", forHTTPHeaderField: "Content-Type")

request.httpMethod = "POST"
request.httpBody = postData

let task = URLSession.shared.dataTask(with: request) { data, response, error in
  guard let data = data else {
    print(String(describing: error))
    return
  }
  print(String(data: data, encoding: .utf8)!)
}

task.resume()

Example Response

200 OK

{
    "interactionId": "039ff9fc-097a-4e5b-be58-88ef03bf4d67",
    "companyId": "abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6",
    "connectionId": "867ed4363b2bc21c860085ad2baa817d",
    "connectorId": "api",
    "id": "65u7m8cm28",
    "capabilityName": "customHTMLTemplate",
    "_links": {
        "next": {
            "href": "https://auth.pingone.com/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/davinci/connections/867ed4363b2bc21c860085ad2baa817d/capabilities/customHTMLTemplate"
        },
        "self": {
            "href": "https://auth.pingone.com/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/davinci/policy/f34a5cc285f96ffd8e212a459b0d9134/start"
        }
    },
    "eventName": "continue",
    "isResponseCompatibleWithMobileAndWebSdks": true,
    "flowId": "f49c54791bb78dc656d34e6ff38f6ffc",
    "formData": {
        "value": {
            "username": "",
            "password": ""
        }
    },
    "form": {
        "name": "Sign On",
        "description": "Enter username and password",
        "category": "CUSTOM_HTML",
        "components": {
            "fields": [
                {
                    "type": "TEXT",
                    "key": "username",
                    "label": "Username"
                },
                {
                    "type": "PASSWORD",
                    "key": "password",
                    "label": "Password"
                },
                {
                    "type": "SUBMIT_BUTTON",
                    "label": "Sign On",
                    "key": "SIGNON"
                },
                {
                    "type": "FLOW_BUTTON",
                    "label": "No account? Register now!",
                    "key": "REGISTER",
                    "inputType": "ACTION"
                },
                {
                    "type": "FLOW_BUTTON",
                    "label": "Having trouble signing on?",
                    "key": "TROUBLE",
                    "inputType": "ACTION"
                }
            ]
        }
    },
    "interactionToken": "d6cd6559caf8e...",
    "success": true,
    "startUiSubFlow": true
}