When a flow action is part of the authentication policy, the flow drops off specific context data that cannot be passed through the browser as query or form parameters due to security constraints. The flow execution context endpoint captures these input parameters and returns a contextUri to the flow execution service, which must be included as a parameter in the experience URL. For example:

https://auth.pingone.com/{envId}/experiences/{flowNameOrID}?redirectUri=https://auth.pingone.com/{envId}/flows/{flowId}/flowExecutionCallback?contextUri={contextUri}

Flow execution context drop off request data model

Property Description
id A string that specifies the authentication transaction ID.
application An object that specifies the application resource associated with the flow.
application.id A string that specifies the application resource ID.
application.name A string that specifies the application resource name.
application.protocol A string that specifies the application resource protocol. Options are OPENID_CONNECT and SAML.
user An object that specifies the user resource associated with the flow.
user.id A string that specifies the user resource ID.
user.username A string that specifies the user’s username property value.
user.email A string that specifies the user’s email property value.
session An object that specifies the session associated with the flow.
session.id A string that specifies the session ID.
session.browser.name A string that specifies the browser associated with this session.
session.browser.version A string that specifies the browser version associated with this session.
session.operatingSystem.name A string that specifies the operating system associated with this session.
session.operatingSystem.version A string that specifies the operating system version associated with this session.
session.device.type A string that specifies the device type associated with this session.
session.locations.at The time associated with this session.
session.locations.remoteIp A string that specifies the IP address associated with this session.
session.locations.city A string that specifies the city associated with this session.
session.locations.state A string that specifies the state associated with this session.
session.locations.region A string that specifies the region associated with this session.
session.locations.country A string that specifies the country associated with this session.
session.lastSignOn.at The time of the user’s last sign on.
session.lastSignOn.remoteIp A string that specifies the IP address associated with the user’s last sign on.
session.createdAt The time the session was initiated.
session.activeAt The time the session was first active.
session.authorizationRequest.responseTypes An array of strings that specifies the response types associated with this authorization request.
session.authorizationRequest.scopes An array of strings that specifies the scopes associated with this authorization request.
session.authorizationRequest.scopes.openid A string that specifies the openid scope.
session.authorizationRequest.scopes.address A string that specifies the address scope.
session.authorizationRequest.scopes.email A string that specifies the email scope.
session.authorizationRequest.acrValues An array that specifies the names of the sign-on policies that are included in the authorization flow request.

Flow execution context drop off response data model

Property Description
contextUri A URI that specifies the one time URI that should be used as a reference to the dropped off context parameters on the experience request using the contextUri query parameter. The format of this URI is in the format urn:contextId:{uuid}. The context URI is valid until the flow completes.
expiresAt The time this context URI is no longer valid. Starting a flow execution using the context URI after the expired time causes the flow to fail.