Step 9: Obtain an authorization grant

GET {{authPath}}/{{envID}}/as/authorize?response_type=code&client_id={{AppWithCodeGrantID}}&redirect_uri=https://www.example.com&scope=profile

The PingOne authorization endpoint /{{envID}}/as/authorize is used to interact with the resource owner and obtain an authorization grant. The authorization request must include values for the following properties:

• client_id

A string that specifies the application's UUID, which was returned in Step 1.

• response_type

A string that specifies the code or token type returned by an authorization request. For this activity, the value is code.

• redirect_uri

A string that specifies the URL that specifies the return entry point of the application. The redirect_uri property value defined in Step 1 is https://example.com.

• scope

A string that specifies permissions that determine the resources that the application can access.

The response_type parameter specifies a value of code, which designates that this authorization request returns an authorization code that can be exchanged for an access token.

The response returns a 302 message with a flowID embedded in the Location header, which specifies that a call should be made to another resource to continue the authentication flow. The Location header looks like this:

Location: https://apps.pingone.com/5caa81af-ec05-41ff-a709-c7378007a99c/signon/?flowId=03de5b2a-aec8-4481-ae72-4e01f42bdff1

Note: If this call fails to return a 302 HTTP Status, for a possible solution see Configuring and managing Qodex.

The authentication flow presents appropriate forms to an end user and submits data provided by the user for all required steps. It also redirects to the resume URL when the authentication flow is complete. For information about authentication flows, see Authentication workflow walkthrough.

When the flow finishes, it returns an authorization code. The authorization code is used in Step 13 to create the access token.

Request Params

HEADERS