PingOne

Device custom verification URIs

Device authorization applications can use a device custom verification URI to present a shorter URL that is easier for the user to enter.

Device custom verification URIs can be configured for applications for which the Device Authorization grant type is enabled. For more information, see Grant types.

Instead of presenting the user with a PingOne URL, such as https://auth.pingone.com/device/082dba86-d36e-413e-85b4-ee499a5cea55, a device custom verification URI provides them with a shorter URL, for example https://example.com/device, that’s easier to enter or remember.

When you configure your device authorization application in PingOne, you can define this URI using the Device Custom Verification URI setting. If you configure the Device Custom Verification URI setting, the response from PingOne returns the URL as configured. If you do not use this setting, the generated device custom verification URI follows these rules:

Response URL formats
Custom domain configured for the environment? Device Path IDconfigured? Format of URL returned from PingOnePingOne

Yes

Yes

URL returned by PingOne is in one of the following formats:

  • https://<customDomain>/device/<devicePathId>

  • https://<customDomain>/device/<devicePathId>?user_code=<userCode>

Yes

No

URL returned by PingOne in one of the following formats:

  • https://<customDomain>/device

  • https://<customDomain>/device?user_code=<userCode>

No

Yes

URL returned by PingOne is in one of the following formats:

  • https://auth.pingone.<region>/<envId>/device/<devicePathId>

  • https://auth.pingone.<region>/<envId>/device/<devicePathId>?user_code=<userCode>

The URLs for the Device Custom Verification URI and for the redirect are generated based on the inbound initial authorize call. For more information, see Configuring a redirect for a device custom verification URI.

For example, if the custom domain for the environment is example.com, but the initial call is from https://auth.pingone.com/<envID>/as/device_authorization, then the generated device custom verification URI will have a format of https://auth.pingone.com/<envId>/device/<devicePathId>.

If the initial call is from https://example.com/as/device_authorization, the generated device custom verification URI will have a format of https://example.com/device/<devicePathId>.