With Authorization Code, Implicit, and Device Authorization grant types, an authorization server (AS) prompts the user (the resource owner) to grant authorization to share the user's information hosted by a resource server (RS). When granted, the AS issues an access token to the client. The client can then use the access token to access such information from the RS.
- Default consent user interface
  - By default, PingFederate handles the consent approval process by presenting the Request for Approval page to the resource owner. This page displays a list of requested permissions (scopes) along with their descriptions as configured in PingFederate. It is up to the user to approve or deny individual scopes.
- External consent user interface
  - As use cases evolve towards giving users more control over their data, it is becoming more important to provide detailed information about the requests. While the scope description may help, PingFederate also supports the use of an external web application to prompt for authorization consent. This approach opens up the opportunity to retrieve additional information specific to the users. For example, the web application can be written in such a way that when a client requests the read_bank_account scope, the web application retrieves the user's customer information file and gives the user the ability to choose which account (or accounts) to make available to the client.
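
The following is an added example, not PingFederate code or its API: a sketch of the server-side checks an external consent web application should apply to the read_bank_account case above before it reports the user's decision. All names (`CUSTOMER_ACCOUNTS`, `build_prompt`, `decide`, `ConsentDecision`) and the sample data are hypothetical, and how the decision is returned to PingFederate is not shown.

```python
from dataclasses import dataclass

ACCOUNT_SCOPE = "read_bank_account"

# Constructed sample data standing in for the customer information file lookup.
CUSTOMER_ACCOUNTS = {
    "alice": {"chk-001": "Everyday Checking", "sav-002": "Savings"},
    "bob": {"chk-900": "Joint Checking"},
}


@dataclass(frozen=True)
class ConsentDecision:
    approved_scopes: frozenset
    accounts: frozenset


def build_prompt(user, requested_scopes):
    """Data for the consent page; accounts are listed only if the scope was requested."""
    show = ACCOUNT_SCOPE in requested_scopes
    accounts = dict(CUSTOMER_ACCOUNTS.get(user, {})) if show else {}
    return {"scopes": sorted(requested_scopes), "accounts": accounts}


def decide(user, requested_scopes, posted_scopes, posted_accounts):
    """Validate the submitted form against server-side state, never the browser's word."""
    approved = frozenset(posted_scopes)
    if not approved <= frozenset(requested_scopes):
        raise ValueError("approved scope was not part of the request")
    chosen = frozenset(posted_accounts)
    if not chosen <= frozenset(CUSTOMER_ACCOUNTS.get(user, {})):
        raise ValueError("selected account does not belong to this user")
    if ACCOUNT_SCOPE not in approved:
        chosen = frozenset()  # account picks mean nothing without the scope
    elif not chosen:
        approved -= {ACCOUNT_SCOPE}  # scope approved but no account picked: deny it
    return ConsentDecision(approved, chosen)
```

The two `ValueError` paths are the ones worth logging: a submitted scope that was never requested, or an account identifier the authenticated user does not own, indicates a tampered form rather than a user choice.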