Step 16: Send authorize request for transaction approval

GET {{authPath}}/{{envID}}/as/authorize?client_id={{webApp4MfaId}}&response_type=code&response_mode=pi.flow&request={{requestParam}}&scope=profile%20openid&login_hint_token={{requestParam}}

The PingOne authorization endpoint /{{envID}}/as/authorize is used to interact with the resource owner and obtain an authorization grant. The authorization request must include values for the following properties:

• client_id

A string that specifies the application's UUID, which was returned in Step 1.

• response_type

A string that specifies the code or token type returned by an authorization request. For this activity, the value is code.

• response_mode

A string that specifies the mechanism for returning authorization response parameters from the authorization endpoint. This property specifies the pi.flow value to designate that the redirect_uri parameter is not required and authorization response parameters are encoded as a JSON object wrapped in a flow response and returned directly to the client with a 200 status.

• login_hint_token

A string that specifies a token that provides a way for the client to identify and authenticate the end-user without needing to encode the entire authentication request in a signed JWT. In this use case, the request token can include the sub claim to identify the user, which allows it to be used as the login_hint_token.

• request

A string that specifies a JWT that enables OIDC/OAuth2 request parameters to be passed as a single, self-contained parameter. For more information about creating the request token, see Create a request property JWT.

Note: In the Qodex collection linked to this use case, this step includes a Pre-req script that creates the request token and assigns its value to your Qodex environment. You do not need to create the request JWT manually to run this collection.

Request Params