The PingOne authorization endpoint /{{envID}}/as/authorize is used to interact with the resource owner and obtain an authorization grant. The authorization request must include values for the following properties:

Create the signed login_hint_token

To submit an MFA only authorize request, you must create a login_hint_token that provides the following user and application information in the JWT:

For information on creating a login_hint_token, see Create a login_hint_token JWT.