You can use the /{{envID}}/as/authorize endpoint to initiate authorization. This request must include the code_challenge and code_challenge_method parameters.

In the request, the response_type property specifies that the request returns an authorization code that can be exchanged for a token. The client_id property identifies the application ID for the application you created in Step 1. The code_challenge value is computed using the code_verifier prior to submitting the authorize request. The code_challenge_method value specifies the S256 method.

The request returns a Location HTTP header that specifies the URL for the sign-on screen and the flow ID for this specific authentication workflow. The user’s browser is redirected to the sign-on screen to enter account credentials, usually a username and password. For more information about sign-on flows, see Authentication workflow walkthrough.