Step 15: Send authorize request

GET {{authPath}}/{{envID}}/as/authorize?client_id={{webApp4MfaId}}&response_type=code&response_mode=pi.flow&login_hint_token={{requestParam}}

The PingOne authorization endpoint /{{envID}}/as/authorize is used to interact with the resource owner and obtain an authorization grant. The authorization request must include values for the following properties:

client_id

A string that specifies the application's UUID, which was returned in Step 1.

response_type

A string that specifies the code or token type returned by an authorization request. For this activity, the value is code.

redirect_uri

A string that specifies the URL that specifies the return entry point of the application. The redirect_uri property value defined in Step 1 is https://example.com.

login_hint_token

A string that specifies a token that provides a way for the client to identify and authenticate the end-user without needing to encode the entire authentication request in a signed JWT.

Create the signed `login_hint_token`

To submit an MFA only authorize request, you must create a login_hint_token that provides the following user and application information in the JWT:

Environment ID: The environment ID for the environment associated with the user.
Application ID: The application to which the user is making the authorization request.
Application secret: The application's secret.
User ID or username: The user ID or the username of the user.

For information on creating a login_hint_token, see Create a loginhinttoken JWT.

Request Params

Key	Datatype	Required	Description
`client_id`	string
`response_type`	string
`response_mode`	string
`login_hint_token`	string

Step 15: Send authorize request

Create the signed login_hint_token

Request Params

Create the signed `login_hint_token`