The authorization endpoint is used to interact with the end user and obtain an authorization grant. The sample shows the GET /{environmentId}/as/authorize operation, which includes the response_mode parameter to designate one of the following special authentication flow options:

To enable these flows, the authorize request uses the following properties as parameters in the request to determine the authorization processing flow:

Property Description
response_mode A string that specifies the mechanism for returning authorization response parameters from the authorization endpoint. This property specifies the pi.flow value to designate that the redirect_uri parameter is not required and authorization response parameters are encoded as a JSON object wrapped in a flow response and returned directly to the client with a 200 status.
login_hint_token A token that provides a way for the client to identify and authenticate the end-user without needing to encode the entire authentication request in a signed JWT. Using a separate token instead of the login_hint parameter also means that this token can be signed by a client different from the authenticating client.

To build the login_hint_token JWT, see Create a login_hint_token JWT.