You can reference data from PingOne within your flow.
The format for this information is global.parameters.<parameter
name>
. Some parameters depend on the protocol used to launch
the flow, while others are supplied by the PingOne application.
Property | Description |
---|---|
|
An object that specifies all the parameters from the OIDC authorization request. |
|
A string that specifies a custom URL parameter added to the OIDC authorization request. Replace <customParameter> with the name of the custom URL parameter. |
|
A string that specifies the client ID of the application associated with this authorize request. |
|
A string that specifies the URL of the return entry point of the application. |
|
A string that specifies the code or token type returned by an
authorization request. Options are |
|
A string that specifies the permissions that determine the resources that the application can access. |
|
A string that maintains the state between the logout request and the callback to the endpoint specified by the post_logout_redirect_uri query parameter. |
|
A string that is used to associate a client session with a token to mitigate replay attacks. The value is passed through unmodified from the authentication request to the token. This is an optional property for authorization requests that return a code. |
|
A string that is used by the flow designer to pass in useful information. |
|
A string that is used to designate a login identifier to pre-fill the username field of the sign-on screen. |
|
A string that specifies the maximum amount of time allowed (in
seconds) since the user last authenticated. If the
max_age value is exceeded, the user must
re-authenticate. If the max_age value is set to
0 ( |
|
A string that specifies whether the user is prompted to sign on for re-authentication. The prompt parameter can be used as a way to check for existing authentication, verifying that the user is still present for the current session. |
|
A string that specifies the mechanism for returning authorization
response parameters from the authorization endpoint. Options are
|
|
A string that is computed from the code_verifier that is used in a Proof Key for Code Exchange (PKCE) authorization request. |
|
A string that specifies the computation logic used to generate the
code_challenge string. The token endpoint
uses this method to verify the code_verifier
for PKCE authorization requests. Options are |
|
A string that is used to create the code_challenge value passed to the authorization server in the request. |
|
An object that specifies OIDC/OAuth2 request parameters. |
For example, the following code references the login hint in a flow launched using OIDC:
global.parameters.authorizationRequest.login_hint
Property | Description |
---|---|
|
A string that specifies all the parameters from the SAML request. |
|
A string that specifies the service provider entity ID used to look up the application. This is a required property and is unique within the environment. |
|
A boolean that, when set to true, specifies that the identity provider must authenticate the presenter directly rather than rely on a previous security context. If a value is not provided, the default value is false. |
|
A boolean that, when set to true, specifies that the identity provider and the user agent itself must not visibly take control of the user interface from the requester and interact with the presenter in a noticeable fashion. If a value is not provided, the default value is false. |
|
A boolean that specifies whether the SAML assertion should be signed. The default value is false. |
|
A string that specifies the SAML subject ID. |
|
A string that specifies the authentication methods for the request. |
For example, the following code references the subject ID in a flow launched using SAML:
global.parameters.samlRequest.subject
Property | Description |
---|---|
|
An object that specifies the configuration information about the PingOne application that initiated the authentication request. |
|
A string that specifies the custom home page URL for the application. |
|
A string that specifies the application ID. |
|
A string that specifies the application name. |
|
A string that specifies the protocol for the application. Options are OPENID_CONNECT and SAML. |
|
A string that specifies the application type. Valid values are
|
For example, the following code references the application ID in a flow, regardless of the protocol used to launch the flow:
global.parameters.application.id
Property | Description |
---|---|
|
A string that specifies an identifier to pre-fill the username field of a sign-on screen. |
|
An integer that specifies the maximum amount of time allowed (in
seconds) since the user last authenticated. If the user's last sign
on in the session is greater than the integer value specified in
this property, then existing session information cannot be used to
skip authentication or influence any authentication logic. This
value is set automatically to 0 if |
For example, the following code references the login hint, regardless of the protocol used to launch the flow:
global.parameters.loginHint