Step 17: Send an authorization request

GET {{authPath}}/{{destinationEnvID}}/as/authorize?response_type=code&client_id={{oidcAppDestinationID}}&redirect_uri=https://example.com&scope=openid

Send a GET request to the authorization endpoint {{apiPath}}/{{destinationEnvID}}/as/authorize using the destination environment. This queries the authorization server to kick off the sign-on flow, returning the options for sign-on.

Two options for sign-on are returned:

• Sign-on with a username.
• Sign-on using an external identity provider.

This step can be demonstrated by entering the Location URL returned in the response headers into a web browser. A sign-on screen is shown with the options for sign-on:

Set the following query parameters:

• response_type

The code or token type returned by an authorization request. For this activity, the value is code.

• client_id

The destination application's UUID, which was returned in step 8.

• redirect_uri

The URL that specifies the return entry point of the application. For this activity, the value is https://example.com.

• scope

This is a string that specifies permissions that determine the resources that the application can access. For this activity, the scope is openid.

The response returns a 302 message with a flowID embedded in the Location header, which specifies that a call should be made to another resource to continue the authentication flow. The Location header looks like this:

Location: https://apps.pingone.com/5caa81af-ec05-41ff-a709-c7378007a99c/signon/?flowId=72df1cd2-3b99-4225-a1fa-6dc9ec0f78fc

For more information, see Authorize (authorization_code).

Note: If this call fails to return a 302 HTTP Status, for a possible solution see Configuring and managing Qodex.

Request Params