Qodex.ai

Configure Device Authorization Grant Flow

Number of APIs: 9

This activity shows you how to initiate a device authorization grant flow to send an activation code to the end user. The authorization and flow orchestration steps apply only to applications that specify device_code as a grant type in the application configuration.

The following operations are supported by the PingOne APIs:

  • Create an application
  • Create a population and a user
  • Initiate an authorize request
  • Use flow APIs to complete the flow

Prerequisites

  • Get an access token from the worker application you created in Getting Started with the PingOne APIs. If you prefer to get a token from a different worker application in an alternate sandbox environment, run the token request endpoint using the client ID and client secret of your chosen worker app to authenticate the request. See GET a Worker Application Access Token.

Workflow order of operations

To configure a device authorization grant flow using the environment's default sign-on policy, the following tasks must be completed successfully:

  1. Make a POST request to /environments/{{envID}}/applications to add a new application to the specified environment.

  2. Make a POST request to /environments/{{envID}}/populations to create a new population resource.

  3. Make a POST request to /environments/{{envID}}/users to create a user who will be assigned to the new population resource.

  4. Make a PUT request to /environments/{{envID}}/users/{{userID}}/password to set the new user's password.

  5. Make a POST request to /{{envID}}/as/device_authorization to return the device code and the user code.

  6. Make a GET request to /{{envID}}/device to initiate authorization and return a flow ID.

  7. Make a GET request to /{{envID}}/flows/{{flowID}} to start the flow.

  8. To complete the login action, make a POST request to /{{envID}}/flows/{{flowID}} and provide the user's login credentials.

  9. To complete the confirm activation code action, make a POST request to /{{envID}}/flows/{{flowID}} to submit the activation code.

  10. To complete the consent action, make a POST request to /{{envID}}/flows/{{flowID}} to accept the device authorization grant agreement.

  11. Make a POST request to /{{envID}}/as/token to exchange the device code for an access token.

  1. Step 4: Set user password PUT {{apiPath}}/environments/{{envID}}/users/{{deviceAuthUserID}}/password

  2. Step 1: Create a custom application POST {{apiPath}}/environments/{{envID}}/applications

  3. Step 2: Create a population POST {{apiPath}}/environments/{{envID}}/populations

  4. Step 3: Create a user POST {{apiPath}}/environments/{{envID}}/users

  5. Step 10: Accept device authorization grant consent POST {{authPath}}/{{envID}}/flows/{{flowID}}

  6. Step 11: Get the access token POST {{authPath}}/{{envID}}/as/token

  7. Step 5: Authorize (device) POST {{authPath}}/{{envID}}/as/device_authorization

  8. Step 6: Start device flow GET {{authPath}}/{{envID}}/device

  9. Step 7: Get the flow GET {{authPath}}/{{envID}}/flows/{{flowID}}