Configuring a redirect for a device custom verification URI
If the Device Custom Verification URI setting is configured for a device authorization application, the administrator must configure a redirect to which PingOne forwards the OIDC response after authentication.
About this task
The format of the redirect depends on a combination of two factors:
-
Is a custom domain configured for the environment?
-
Is the Device Path ID configured for the application?
Steps
-
Configure your redirects based on the information in the following table:
+[caption=] .Redirect formats for device custom verification URI
Custom domain configured for the environment? | Device Path IDconfigured? | Valid formats for redirects |
---|---|---|
Yes |
Yes |
|
Yes |
No |
|
No |
Yes |
|
No |
No |
|
The clientId path is safer because that value does not change (devicePathId can change). In addition, a redirect to |
Example:
+
For example, if the custom domain for the environment is set to acme-corporation.com
, the Device Custom Verification URI for the application is set to https://acme.com/go
, and the client ID for the application is c78dbdd0-cc2c-42fa-b275-486503c30d2b
, the workflow is:
-
The end user enters the short URL, such as
https://acme.com/go
, in a browser to start the activation flow. -
Outside of PingOne, the administrator has configured the following redirect to redirect the browser and start the device authorization flow:
https://acme-corporation.com/device/c78dbdd0-cc2c-42fa-b275-486503c30d2b
. -
In PingOne, the flow redirects to https://acme-corporation.com/signon?flowId=03f3581c-7fee-4bf5-adb1-ed056d31ce91 to start the PingOne flow.
Next steps
For more information about configuring your device authorization application, see Editing an application - Device authorization.