Configure a DaVinci Non-redirect Flow

Number of APIs: 7

This use case triggers a DaVinci flow policy through a PingOne authorize request. In addition, it configures the authorize request to initiate a redirectless flow.

If you set the response_mode parameter on the authorize request to pi.flow, the authorize request does not return a 302 response with a Location header that redirects to the PingOne authorization server. Instead, it returns a 200 response with JSON data from DaVinci. The returned data can be used to create a custom interface on a mobile application, or custom controls on a web application that engage PingOne endpoints. In general, this response mode allows a seamless integration experience, one in which no PingOne UI elements are rendered.

Note: If the DaVinci flow associated with the pi.flow request does not have any UI elements, it returns JSON containing the auth code or token. If the DaVinci flow has UI elements, the response JSON includes the elements and URLs to render and process the flow.

To complete this workflow, you need to begin in DaVinci, and create the DaVinci application, the DaVinci flow, and the flow policy on the application. See How to create a flow for instructions. You'll need the DaVinci flow policy ID to define the PingOne application's flow policy assignment property.

DaVinci flow settings configuration

DaVinci flows invoked using a PingOne authorize request require special configuration. In DaVinci, when you create your flow, on the flow's Settings screen, you must toggle on the PingOne Flow property located on the General tab.

PingOne DaVinci flow

Setting this property indicates that the flow is a PingOne flow, enabling it to be included in PingOne flow policies and launched directly from PingOne.

PingOne endpoints

This activity shows you how to create a PingOne application, find and associate a DaVinci flow policy with the application, and initiate the flow using a PingOne authorize request. This scenario illustrates the following common operations supported by the PingOne APIs:

  • Create the application.
  • Assign a DaVinci flow policy to the application.
  • Create a PingOne population and user.
  • Create the PingOne authorize request that uses the pi.flow setting to turn off redirects.

To create the application and flow policy, the following tasks must be completed successfully:

  1. Make a POST request to /environments/{{envID}}/applications to add a new application to the specified environment.

  2. Make a GET request to /environments/{{envID}}/applications/{{appID}}/secret to get the application's secret.

  3. Make a GET request to /environments/{{envID}}/flowPolicies to return the list of DaVinci flow policies that can be associated with the PingOne application.

  4. Make a POST request to /environments/{{envID}}/applications/{{appID}}/flowPolicyAssignments to assign a DaVinci flow policy to the application.

  5. Make a POST request to /environments/{{envID}}/populations to create a new population.

  6. Make a POST request to /environments/{{envID}}/users to create a new user.

  7. Make a GET request to /{{envID}}/as/authorize to obtain an authorization grant. This request starts the authorization flow using the DaVinci flow policy you assigned to the PingOne application.

  • Step 5: Create a population. POST {{apiPath}}/environments/{{envID}}/populations

  • Step 1: Create a PingOne web application. POST {{apiPath}}/environments/{{envID}}/applications

  • Step 2: Get the application secret. GET {{apiPath}}/environments/{{envID}}/applications/{{dvFlowAppID}}/secret

  • Step 3: Read all flow policies. GET {{apiPath}}/environments/{{envID}}/flowPolicies

  • Step 4: Create the flow policy assignment. POST {{apiPath}}/environments/{{envID}}/applications/{{dvFlowAppID}}/flowPolicyAssignments

  • Step 6: Create a user. POST {{apiPath}}/environments/{{envID}}/users

  • Step 7: Send authorize request. GET {{authPath}}/{{envID}}/as/authorize?client_id={{dvFlowAppID}}&response_type=code&response_mode=pi.flow&login_hint_token={{hint}}&scope=openid profile
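
The Step 7 request and the 200-versus-302 behaviour described above, as an added Python example that is not part of the PingOne documentation: it builds the pi.flow authorize URL with an encoded query string and classifies the reply so a client never silently follows a redirect it did not expect. The host, IDs, token and sample bodies are constructed placeholders, and the function names are hypothetical.

```python
import json
from urllib.parse import urlencode


def build_authorize_url(auth_path, env_id, client_id, login_hint_token,
                        scope="openid profile"):
    """Build the Step 7 authorize request with response_mode=pi.flow."""
    params = {
        "client_id": client_id,
        "response_type": "code",
        "response_mode": "pi.flow",
        "login_hint_token": login_hint_token,
        "scope": scope,  # urlencode turns the space into '+'
    }
    return f"{auth_path.rstrip('/')}/{env_id}/as/authorize?{urlencode(params)}"


def classify_authorize_response(status, headers, body):
    """Return ("flow", data) for a redirectless reply, ("redirect", url) for a 302."""
    headers = {k.lower(): v for k, v in headers.items()}
    if status == 302:
        # pi.flow was not applied: the server is redirecting as usual.
        return "redirect", headers.get("location")
    content_type = headers.get("content-type", "")
    if status == 200 and content_type.startswith("application/json"):
        data = json.loads(body)
        if not isinstance(data, dict):
            raise ValueError("expected a JSON object from DaVinci")
        return "flow", data
    # Anything else (an HTML page, an error status) is not a flow response.
    raise ValueError(f"unexpected authorize response: HTTP {status}")


if __name__ == "__main__":
    # Constructed placeholder values, not real PingOne identifiers.
    print(build_authorize_url("https://auth.example.com", "env-123",
                              "app-456", "hint.jwt.value"))
    print(classify_authorize_response(
        200, {"Content-Type": "application/json"}, '{"constructed": true}'))
```

When sending the request with an HTTP client, disable automatic redirect following so that a 302 reaches the classifier instead of being followed.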