The PingOne authorization endpoint /{{envID}}/as/authorize is used to interact with the resource owner and obtain an authorization grant. The authorization request must include values for the following properties:

client_id

A string that specifies the application’s UUID, which was returned in Step 1.
response_type

A string that specifies the code or token type returned by an authorization request. For this activity, the value is code.
response_mode

A string that specifies the mechanism for returning authorization response parameters from the authorization endpoint. This property specifies the pi.flow value to designate that the redirect_uri parameter is not required and authorization response parameters are encoded as a JSON object wrapped in a flow response and returned directly to the client with a 200 status.
login_hint_token

A string that specifies a token that provides a way for the client to identify and authenticate the end-user without needing to encode the entire authentication request in a signed JWT. In this use case, the request token can include the sub claim to identify the user, which allows it to be used as the login_hint_token.

request

A string that specifies a JWT that enables OIDC/OAuth2 request parameters to be passed as a single, self-contained parameter. For more information about creating the request token, see Create a request property JWT.

Note: In the Postman collection linked to this use case, this step includes a Pre-req script that creates the request token and assigns its value to your Postman environment. You do not need to create the request JWT manually to run this collection.