After completing the actions specified by the sign-on policy, the authentication flow completes and the user is redirected to the URL specified in the resumeUrl
property in the flow resource.
You can use the GET /{{envID}}/as/resume?flowId={{flowID}}
endpoint to obtain the access token. The Location
HTTP header returned by the resume endpoint contains the token.
To verify that the custom claim is in the token, copy the token from the Location
HTTP header and view it in the PingOne JWT decoder tool. Paste your access token into the JWT field and click Decode.