After completing the actions specified by the sign-on policy, the authentication flow completes and the user is redirected to the URL specified in the resumeUrl property in the flow resource.

You can use the GET /{{envID}}/as/resume?flowId={{flowID}} endpoint to obtain the authorization code required to exchange for an access token. The response returns a 302 HTTP Status message and a Location HTTP header that includes the code.

The Location header for the /resume endpoint looks like this:

Location: https://www.redirect-domain.com?code=005defa3-2b5d-49ca-b176-40d450