Step 12: Call the resume endpoint
GET {{authPath}}/{{envID}}/as/resume?flowId={{flowID}}
After completing the actions specified by the sign-on policy, the authentication flow completes and the user is redirected to the URL specified in the resumeUrl property in the flow resource.
You can use the GET /{{envID}}/as/resume?flowId={{flowID}} endpoint to obtain the access token. The response returns a 302 HTTP Status message and a Location HTTP header that includes the token.
The Location header for the /resume endpoint looks like this:
Location: https://www.redirect-domain.com?token=eyJhbGciOiJSUzI1NiIsImtpZCI6ImRlZmF1bHQifQ.eyJjbGllbnRfaWQiOiI4MzAxMDljNy1mOGFhLTQ5MWUtYjJmMi04Zjc1MzJhZTg1ZTkiLCJpc3MiOiJodHRwczovL2F1dGgucGluZ29uZS5jb20vYmY0Y2I4YjgtMzNlOS00NTc2LThkNzAtYzBhYjY3OWZlMGZhL2FzIiwiaWF0IjoxNjYzNTkxMTgzLCJleHAiOjE2NjM1OTQ3ODMsImF1ZCI6WyJodHRwczovL2FwaS5waW5nb25lLmNvbSJdLCJlbnYiOiJiZjRjYjhiOC0zM2U5LTQ1NzYtOGQ3MC1jMGFiNjc5ZmUwZmEiLCJvcmciOiIyZTRlYjk4ZS0zMGZjLTQyOTgtYmIxOS04ZTQzM2Q3MmNmYWUifQ.SRviSQ7NLJ8DbyKXtJ-D0otdaY9uEu1-HXLIJtNhN9mPncZ2agDJHExA5jKWI1uYMHW5TlfazZ6PAVsj6MR6kOxgshSv4BF-klQvOHDmDCsH86rnnxdLZjxw-nwep99ZLc2IlVXzzpTK3U5T8p3Iep1daYMM75CNlSY9b7Ol9BCT2pa_cR9aXczSHdhDK335kRvg4c3DG2nq1rHM7YThOCS06egTvPFiwCBuUmALvJIbAHds8KmYfM1NFWI2vcnl6udqF6aVwRcVcnJa-bF71xHEzxNKa19UW0xe24_wwjWYueGsZkmcQ_1ZCBWuV9OzQaBWcuw5WLrqwtxsCoU9JQ
Note: If this call fails to return a 302 HTTP Status, for a possible solution see Configuring and managing Qodex.
To verify that the custom claim is in the token, copy the token from the Location HTTP header and view it in the PingOne JWT decoder tool. Paste your access token into the JWT field and click Decode.
Request Params
| Key | Datatype | Required | Description |
|---|---|---|---|
flowId | string |