PingOne supports transaction approval for cases where strong authentication is required for elevated security, such as a high-value transaction or access to a high-risk resource or service. The sample shows the GET /{environmentId}/as/authorize operation, which includes the response_mode and request parameters in the authorization request.

To enable a secure transaction approval flow, the request uses the following properties as parameters to determine the authorization processing flow:

Property Description
response_mode A string that specifies the mechanism for returning authorization response parameters from the authorization endpoint. This property specifies the pi.flow value to designate that the redirect_uri parameter is not required and authorization response parameters are encoded as a JSON object wrapped in a flow response and returned directly to the client with a 200 status.
request A JWT that enables OIDC/OAuth2 request parameters to be passed as a single, self-contained parameter. Using a JWT enables integrity protection of parameters that are required for risk-based authentication or privacy and consent use cases. Specifically:
  • Passing in the user agent’s original IP address when the PingOne platform is used behind a server-side application that is functioning as an authentication gateway or PingFederate.
  • Passing in a purpose or usage description string that could be displayed to the user on the authentication UI prompt, SMS message, push notification, or email message.

The request property contains request parameters from the application. If the application’s supportUnsignedRequestObject property value is set to false, the JWT must be signed using the client secret key.

The request property JWT should be constructed according to the following example:

"header" :
{
  "alg": "HS256",
  "typ": "JWT"
},
"body" : 
{
  "aud": "https://auth.pingone.com/{envId}/as",
  "iss": "{applicationId}",
  "pi.template": {
    "name": "{templateName}",
    "variables": {
      "key1": "value1"
    }
  },
  "pi.clientContext": {
    "key2": "value2"
  }
}

For more information, see Create a request property JWT.
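The signing requirement described above, as an added example (not PingOne's own code): standard-library Python that builds the HS256 request JWT with the claims shown on this page and verifies it the way a receiver would. The function names, the sample identifiers and secret, and the use of the client secret's UTF-8 bytes as the HMAC key are assumptions.

```python
import base64
import hashlib
import hmac
import json

# Constructed sample values, not real PingOne identifiers or secrets.
ENV_ID, APP_ID, SECRET = "env-123", "app-456", "constructed-client-secret"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def build_request_jwt(env_id, app_id, client_secret, template, client_context):
    """Build the HS256-signed request JWT with the claims shown on this page."""
    header = {"alg": "HS256", "typ": "JWT"}
    body = {
        "aud": f"https://auth.pingone.com/{env_id}/as",
        "iss": app_id,
        "pi.template": template,
        "pi.clientContext": client_context,
    }
    parts = [_b64url(json.dumps(p, separators=(",", ":")).encode()) for p in (header, body)]
    signing_input = ".".join(parts)
    # Assumption: the client secret's UTF-8 bytes are used as the HMAC key.
    sig = hmac.new(client_secret.encode(), signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url(sig)}"


def verify_request_jwt(token, client_secret):
    """Return the claims if the HS256 signature verifies, else raise ValueError."""
    try:
        head_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(head_b64))
        sig = _b64url_decode(sig_b64)
    except ValueError as exc:
        raise ValueError("malformed JWT") from exc
    # Pin the algorithm instead of trusting whatever "alg" the token declares.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    signed = f"{head_b64}.{body_b64}".encode("ascii")
    mac = hmac.new(client_secret.encode(), signed, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, mac):
        raise ValueError("signature mismatch")
    return json.loads(_b64url_decode(body_b64))
```

Changing any claim after signing, such as the pi.clientContext values, makes verify_request_jwt raise, which is the integrity protection the request property relies on.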