PingOne Platform APIs

Step 4: Get the access token

POST {{authPath}}/{{envID}}/as/token

The token endpoint is used by the client to obtain an access token by presenting its authorization grant. For authorization_code grants, the application calls the POST /{{envID}}/as/token endpoint to acquire the access token. The request body must include values for the following properties:

  • grant_type

    A string that specifies the grant type of the token request. In this example, the value is authorization_code.

  • code

    A string that specifies the authorization code value returned by the authorization request.

  • redirect_uri

    A URL that specifies the return entry point of the application.

The request requires basic authentication, in which the application ID and the application secret authenticate the token request.

The response data contains the access token.

Headers

Authorization

Content-Type      application/x-www-form-urlencoded

Body

urlencoded ( application/x-www-form-urlencoded )

Key Value

grant_type

authorization_code

code

{{authCode}}

redirect_uri

https://www.google.com

Example Request

  • cURL

  • C#

  • Go

  • HTTP

  • Java

  • jQuery

  • NodeJS

  • Python

  • PHP

  • Ruby

  • Swift

curl --location --globoff '{{authPath}}/{{envID}}/as/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Authorization: Basic e3tjdXN0b21SZXNvdXJjZUFwcElEfX06e3tjdXN0b21SZXNvdXJjZUFwcFNlY3JldH19' \
--data-urlencode 'grant_type=authorization_code' \
--data-urlencode 'code={{authCode}}' \
--data-urlencode 'redirect_uri=https://www.google.com'
var options = new RestClientOptions("{{authPath}}/{{envID}}/as/token")
{
  MaxTimeout = -1,
};
var client = new RestClient(options);
var request = new RestRequest("", Method.Post);
request.AddHeader("Content-Type", "application/x-www-form-urlencoded");
request.AddHeader("Authorization", "Basic e3tjdXN0b21SZXNvdXJjZUFwcElEfX06e3tjdXN0b21SZXNvdXJjZUFwcFNlY3JldH19");
request.AddParameter("grant_type", "authorization_code");
request.AddParameter("code", "{{authCode}}");
request.AddParameter("redirect_uri", "https://www.google.com");
RestResponse response = await client.ExecuteAsync(request);
Console.WriteLine(response.Content);
package main

import (
  "fmt"
  "strings"
  "net/http"
  "io"
)

func main() {

  url := "{{authPath}}/{{envID}}/as/token"
  method := "POST"

  payload := strings.NewReader("grant_type=authorization_code&code=%7B%7BauthCode%7D%7D&redirect_uri=https%3A%2F%2Fwww.google.com")

  client := &http.Client {
  }
  req, err := http.NewRequest(method, url, payload)

  if err != nil {
    fmt.Println(err)
    return
  }
  req.Header.Add("Content-Type", "application/x-www-form-urlencoded")
  req.Header.Add("Authorization", "Basic e3tjdXN0b21SZXNvdXJjZUFwcElEfX06e3tjdXN0b21SZXNvdXJjZUFwcFNlY3JldH19")

  res, err := client.Do(req)
  if err != nil {
    fmt.Println(err)
    return
  }
  defer res.Body.Close()

  body, err := io.ReadAll(res.Body)
  if err != nil {
    fmt.Println(err)
    return
  }
  fmt.Println(string(body))
}
POST /{{envID}}/as/token HTTP/1.1
Host: {{authPath}}
Content-Type: application/x-www-form-urlencoded
Authorization: Basic e3tjdXN0b21SZXNvdXJjZUFwcElEfX06e3tjdXN0b21SZXNvdXJjZUFwcFNlY3JldH19

grant_type=authorization_code&code=%7B%7BauthCode%7D%7D&redirect_uri=https%3A%2F%2Fwww.google.com
OkHttpClient client = new OkHttpClient().newBuilder()
  .build();
MediaType mediaType = MediaType.parse("application/x-www-form-urlencoded");
RequestBody body = RequestBody.create(mediaType, "grant_type=authorization_code&code={{authCode}}&redirect_uri=https://www.google.com");
Request request = new Request.Builder()
  .url("{{authPath}}/{{envID}}/as/token")
  .method("POST", body)
  .addHeader("Content-Type", "application/x-www-form-urlencoded")
  .addHeader("Authorization", "Basic e3tjdXN0b21SZXNvdXJjZUFwcElEfX06e3tjdXN0b21SZXNvdXJjZUFwcFNlY3JldH19")
  .build();
Response response = client.newCall(request).execute();
var settings = {
  "url": "{{authPath}}/{{envID}}/as/token",
  "method": "POST",
  "timeout": 0,
  "headers": {
    "Content-Type": "application/x-www-form-urlencoded",
    "Authorization": "Basic e3tjdXN0b21SZXNvdXJjZUFwcElEfX06e3tjdXN0b21SZXNvdXJjZUFwcFNlY3JldH19"
  },
  "data": {
    "grant_type": "authorization_code",
    "code": "{{authCode}}",
    "redirect_uri": "https://www.google.com"
  }
};

$.ajax(settings).done(function (response) {
  console.log(response);
});
var request = require('request');
var options = {
  'method': 'POST',
  'url': '{{authPath}}/{{envID}}/as/token',
  'headers': {
    'Content-Type': 'application/x-www-form-urlencoded',
    'Authorization': 'Basic e3tjdXN0b21SZXNvdXJjZUFwcElEfX06e3tjdXN0b21SZXNvdXJjZUFwcFNlY3JldH19'
  },
  form: {
    'grant_type': 'authorization_code',
    'code': '{{authCode}}',
    'redirect_uri': 'https://www.google.com'
  }
};
request(options, function (error, response) {
  if (error) throw new Error(error);
  console.log(response.body);
});
import requests

url = "{{authPath}}/{{envID}}/as/token"

payload = 'grant_type=authorization_code&code=%7B%7BauthCode%7D%7D&redirect_uri=https%3A%2F%2Fwww.google.com'
headers = {
  'Content-Type': 'application/x-www-form-urlencoded',
  'Authorization': 'Basic e3tjdXN0b21SZXNvdXJjZUFwcElEfX06e3tjdXN0b21SZXNvdXJjZUFwcFNlY3JldH19'
}

response = requests.request("POST", url, headers=headers, data=payload)

print(response.text)
<?php
require_once 'HTTP/Request2.php';
$request = new HTTP_Request2();
$request->setUrl('{{authPath}}/{{envID}}/as/token');
$request->setMethod(HTTP_Request2::METHOD_POST);
$request->setConfig(array(
  'follow_redirects' => TRUE
));
$request->setHeader(array(
  'Content-Type' => 'application/x-www-form-urlencoded',
  'Authorization' => 'Basic e3tjdXN0b21SZXNvdXJjZUFwcElEfX06e3tjdXN0b21SZXNvdXJjZUFwcFNlY3JldH19'
));
$request->addPostParameter(array(
  'grant_type' => 'authorization_code',
  'code' => '{{authCode}}',
  'redirect_uri' => 'https://www.google.com'
));
try {
  $response = $request->send();
  if ($response->getStatus() == 200) {
    echo $response->getBody();
  }
  else {
    echo 'Unexpected HTTP status: ' . $response->getStatus() . ' ' .
    $response->getReasonPhrase();
  }
}
catch(HTTP_Request2_Exception $e) {
  echo 'Error: ' . $e->getMessage();
}
require "uri"
require "net/http"

url = URI("{{authPath}}/{{envID}}/as/token")

http = Net::HTTP.new(url.host, url.port);
request = Net::HTTP::Post.new(url)
request["Content-Type"] = "application/x-www-form-urlencoded"
request["Authorization"] = "Basic e3tjdXN0b21SZXNvdXJjZUFwcElEfX06e3tjdXN0b21SZXNvdXJjZUFwcFNlY3JldH19"
request.body = "grant_type=authorization_code&code=%7B%7BauthCode%7D%7D&redirect_uri=https%3A%2F%2Fwww.google.com"

response = http.request(request)
puts response.read_body
let parameters = "grant_type=authorization_code&code=%7B%7BauthCode%7D%7D&redirect_uri=https%3A%2F%2Fwww.google.com"
let postData =  parameters.data(using: .utf8)

var request = URLRequest(url: URL(string: "{{authPath}}/{{envID}}/as/token")!,timeoutInterval: Double.infinity)
request.addValue("application/x-www-form-urlencoded", forHTTPHeaderField: "Content-Type")
request.addValue("Basic e3tjdXN0b21SZXNvdXJjZUFwcElEfX06e3tjdXN0b21SZXNvdXJjZUFwcFNlY3JldH19", forHTTPHeaderField: "Authorization")

request.httpMethod = "POST"
request.httpBody = postData

let task = URLSession.shared.dataTask(with: request) { data, response, error in
  guard let data = data else {
    print(String(describing: error))
    return
  }
  print(String(data: data, encoding: .utf8)!)
}

task.resume()

Example Response

200 OK

{
    "access_token": "eyJraWQiOiI4MWI2NTI0MC03M...",
    "token_type": "Bearer",
    "expires_in": 7200,
    "scope": "CustomScope_1712950384"
}