Qodex.ai

Use LOGIN and AGREEMENT Actions to Authenticate Users

Number of APIs: 19

This activity shows you how to create a sign-on policy with login and agreement actions, initiate an authorization request, and use the flow APIs to complete the authorization.

The following operations are supported by the PingOne APIs:

  • Create an application
  • Create a sign-on policy
  • Create login and agreement sign-on policy actions
  • Create a user
  • Initiate an authorize request
  • Use flow APIs to complete the login and agreement actions

Prerequisites

Get an access token from the worker application that you created in Getting Started with the PingOne APIs. To get a token from a different worker application in an alternate sandbox environment, run the token request endpoint using the client ID and client secret of your chosen worker app to authenticate the request. For more information, see GET a Worker Application Access Token.

Workflow order of operations

To complete a login and agreement sign on, the following tasks must be completed successfully:

  1. Make a POST request to /environments/{{envID}}/applications to add a new application to the specified environment.

  2. Make a GET request to /environments/{{envID}}/applications/{{appID}}/secret to return the new application's secret attribute, which is needed for the token request.

  3. Make a GET request to /environments/{{envID}}/languages to find the environment's default language.

  4. Make a POST request to /environments/{{envID}}/agreements to create a new agreement.

  5. Make a POST request to /environments/{{envID}}/agreements/{{agreementID}}/languages to create the language for the agreement.

  6. Make a POST request to /environments/{{envID}}/agreements/{{agreementID}}/languages/{{agreementLanguageID}}/revisions to create the revision for the agreement in the specified language.

  7. Make a PUT request to /environments/{{envID}}/agreements/{{agreementID}}/languages/{{agreementLanguageID}} to enable the agreement language.

  8. Make a PUT request to /environments/{{envID}}/agreements/{{agreementID}} to enable the agreement.

  9. Make a POST request to /environments/{{envID}}/signOnPolicies to create a new sign-on policy.

  10. Make a POST request to /environments/{{envID}}/signOnPolicies/{{signOnPolicyID}}/actions to define the login action associated with this sign-on policy.

  11. Make a POST request to /environments/{{envID}}/signOnPolicies/{{signOnPolicyID}}/actions to define the agreement action associated with this sign-on policy.

  12. Make a POST request to /environments/{{envID}}/applications/{{appID}}/signOnPolicyAssignments to associate the sign-on policy with the application.

  13. Make a POST request to /environments/{{envID}}/populations to create a new population resource.

  14. Make a POST request to /environments/{{envID}}/users to create a user who will be assigned to the new population resource.

  15. Make a POST request to /environments/{{envID}}/users/{{userID}}/password to set the new user's password.

  16. Make a POST request to /{{envID}}/as/authorize to obtain an authorization grant. This request starts the authorization flow.

  17. Make a GET request to /{{envID}}/flows/{{flowID}} to initiate the sign-on flow.

  18. To complete the login action, make a POST request to GET /{{envID}}/flows/{{flowID}} and provide the user's login credentials.

  19. To complete the agreement action, make a POST request to GET /{{envID}}/flows/{{flowID}} and provide consent to the agreement.

  20. Make a GET request to /{{envID}}/as/resume?flowId={{flowID}} to call the resume endpoint and return the auth code.

  21. Make a POST request to /{{envID}}/as/token to exchange the auth code for an access token.

  1. Step 17: Get the flow GET {{authPath}}/{{envID}}/flows/{{flowID}}

  2. Step 1: Create a web application POST {{apiPath}}/environments/{{envID}}/applications

  3. Step 5: Create an agreement language POST {{apiPath}}/environments/{{envID}}/agreements/{{agreeID}}/languages

  4. Step 6: Create an ageement revision POST {{apiPath}}/environments/{{envID}}/agreements/{{agreeID}}/languages/{{agreeLangID}}/revisions

  5. Step 9: Create a sign-on policy POST {{apiPath}}/environments/{{envID}}/signOnPolicies

  6. Step 11: Create the agreement sign-on policy action POST {{apiPath}}/environments/{{envID}}/signOnPolicies/{{agreementSignonPolicyID}}/actions

  7. Step 14: Create user POST {{apiPath}}/environments/{{envID}}/users

  8. Step 15: Set user password PUT {{apiPath}}/environments/{{envID}}/users/{{agreementUserID}}/password

  9. Step 16: Send an authorization request GET {{authPath}}/{{envID}}/as/authorize?response_type=code&client_id={{webApp4AgreementId}}&redirect_uri=https://www.google.com&scope=openid

  10. Step 19: Consent to agreement POST {{authPath}}/{{envID}}/flows/{{flowID}}