Step 19: Send external an authorization request to the IdP

GET {{authPath}}/{{sourceEnvID}}/as/authorize?response_type=code&redirect_uri=https://auth.pingone.com/{{destinationEnvID}}/rp/callback/openid_connect&scope=openid&client_id={{oidcAppSourceID}}&nonce={{nonce}}&state={{externalProviderState}}

Use a GET {{authPath}}/{{sourceEnvID}}/as/authorize?response_type=code&redirect_uri=https://auth.pingone.com/{{destinationEnvID}}/rp/callback/openid_connect&scope=openid&client_id={{oidcAppSourceID}}&nonce={{nonce}}&state={{externalProviderState}} request to initiate the external authorization flow.

• Use the source environment id in the request URL.

Set the following query parameters:

• response_type

The code or token type returned by an authorization request. For this activity, the value is code.

• client_id

The source application's UUID.

• redirect_uri

The URL that specifies the return entry point of the application. For this activity, the value is https://auth.pingone.com/{{destinationEnvID}}/rp/callback/openid_connect.

• scope

This is a string that specifies permissions that determine the resources that the application can access. For this activity, the scope is openid.

• state

The external provider state id returned in the previous step.

The response returns a 302 message with a flowID embedded in the Location header, which specifies that a call should be made to another resource to continue the authentication flow. The Location header looks like this:

Location: https://apps.pingone.com/5caa81af-ec05-41ff-a709-c7378007a99c/signon/?flowId=72df1cd2-3b99-4225-a1fa-6dc9ec0f78fc

For more information, see Authorize (authorization_code).

Request Params