With the Authorization Code, Implicit, and Device Authorization grant types, an authorization server (AS) prompts the user to grant authorization to share user information. Once authorization is granted, the AS issues an access token to the client, which uses it to access information from the resource server (RS).
- Default consent user interface
  - By default, PingFederate handles the consent approval process by presenting the Request for Approval window to the user. This window displays a list of the requested permissions (scopes) along with their descriptions as configured in PingFederate. It is up to the user to approve or deny individual scopes.
- External consent user interface
  - As use cases evolve towards giving users more control over their data, it becomes more important to provide detailed information about the requests. While the scope description can help, PingFederate also supports the use of an external web application to prompt for authorization consent. This approach opens up the opportunity to retrieve additional information specific to the user. For example, the web application can be written in such a way that when a client requests the read_bank_account scope, the web application retrieves the user's customer information file and gives the user the ability to choose which accounts to make available to the client.
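
The following is an added example, not PingFederate code or its API: a sketch of the server-side check an external consent application could run on the submitted form in the read_bank_account scenario above, so that a tampered form cannot approve scopes the client never requested or select accounts the user does not own. The function name, form layout, and account identifiers are assumptions, and how the result is handed back to PingFederate is out of scope here.

```python
from dataclasses import dataclass

ACCOUNT_SCOPE = "read_bank_account"  # scope name taken from the page's example


@dataclass(frozen=True)
class ConsentDecision:
    approved_scopes: frozenset
    account_ids: frozenset  # accounts the user agreed to expose to the client


def build_consent_decision(requested_scopes, user_accounts, form):
    """Validate a submitted consent form (hypothetical layout) server-side.

    requested_scopes: scopes the client asked for in the authorization request
    user_accounts:    account ids owned by the authenticated user, as looked up
                      from the customer information file
    form:             untrusted browser input: {"scopes": [...], "accounts": [...]}
    """
    requested = frozenset(requested_scopes)
    owned = frozenset(user_accounts)
    submitted_scopes = frozenset(form.get("scopes", []))
    submitted_accounts = frozenset(form.get("accounts", []))

    # The form must never widen the grant beyond what the client requested.
    if not submitted_scopes <= requested:
        raise ValueError("approved scope was not requested by the client")
    # Nor may it name accounts outside the authenticated user's own set.
    if not submitted_accounts <= owned:
        raise ValueError("account does not belong to the authenticated user")

    approved = set(submitted_scopes)
    if ACCOUNT_SCOPE in approved and not submitted_accounts:
        # Scope ticked but no account chosen: treat the scope as denied.
        approved.discard(ACCOUNT_SCOPE)
    if ACCOUNT_SCOPE not in approved:
        # Account choices carry no meaning without the scope; drop them.
        submitted_accounts = frozenset()
    return ConsentDecision(frozenset(approved), submitted_accounts)


# Constructed sample data for illustration only.
REQUESTED = ["openid", "read_bank_account"]
ACCOUNTS = ["chk-001", "sav-002"]

if __name__ == "__main__":
    print(build_consent_decision(
        REQUESTED, ACCOUNTS,
        {"scopes": ["read_bank_account"], "accounts": ["sav-002"]}))
```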