CoxAuto PingFederate Authorization Code Demo

Disclaimer

This is a demo application, meant for testing purposes only. Do not use this application's unmodified code in a production environment.

The Authorization endpoint authenticates the user and returns the user to our redirect_uri, with an authorization code in hand.

Request

GET https://authorize.coxautoinc.com/oauth2/aus132uaxy2eomhmi357/v1/authorize?response_type=code&client_id=0oa15utrlayy6AcM9358&scope=openid&redirect_uri=https%3A%2F%2Feventer-oauth-demo-a.awsmetnp.manheim.com%2Fcipcallback

Parameters

response_type
always code, when we're initiating the authorization code process.
client_id
The client id of the application initiating the authcode login process.
scope
The list of scopes the application needs to do its job. Include profile openid email to access basic user information via the introspect endpoint and the identity token.
redirect_uri
The uri to which ping will send the user when she has successfully authenticated.

Remember to urlEncode your parameters!

The token endpoint exchanges an authorization code and your client's credentials for an access token and a refresh token.

Request

POST https://authorize.coxautoinc.com/oauth2/aus132uaxy2eomhmi357/v1/token

x-www-form-urlencoded body:

  • client_id=0oa15utrlayy6AcM9358
  • client_secret=••••••
  • code=
  • redirect_uri=https://eventer-oauth-demo-a.awsmetnp.manheim.com/cipcallback
  • grant_type=authorization_code

Parameters

client_id
The client id of the application requesting a token.
client_secret
The client secret of the application requesting a token.
code
The code returned to the application's redirect_uri
redirect_uri
The same redirect_uri to which the user was redirected after the authorization step
grant_type
The method you wish to use to authenticate. In this case, we'll use authorization code, but we can also choose client_credentials or refresh_token.

Remember to urlEncode your parameters!

Available scopes: email, profile, openid, eventer:test
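The two requests above, built with explicit URL encoding. This is an added example, not code from the demo application; the function names and the sample code and secret values in the comments are assumptions made for illustration, while the endpoint, client_id and redirect_uri are the ones shown on this page.

```python
from urllib.parse import urlencode, quote, urlsplit, parse_qs

# Values copied from the requests shown on this page.
AUTHORIZE_URL = "https://authorize.coxautoinc.com/oauth2/aus132uaxy2eomhmi357/v1/authorize"
CLIENT_ID = "0oa15utrlayy6AcM9358"
REDIRECT_URI = "https://eventer-oauth-demo-a.awsmetnp.manheim.com/cipcallback"


def build_authorize_url(scopes):
    """Return the authorization request URL with every parameter URL-encoded."""
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "scope": " ".join(scopes),  # space-separated; encoded as %20 below
        "redirect_uri": REDIRECT_URI,
    }
    # quote_via=quote percent-encodes ':' and '/' in redirect_uri and
    # spaces as %20, matching the request format shown on this page.
    return AUTHORIZE_URL + "?" + urlencode(params, quote_via=quote)


def code_from_callback(callback_url):
    """Extract the authorization code from the URL the user was sent back to."""
    parts = urlsplit(callback_url)
    # Only accept callbacks that arrive at the registered redirect_uri.
    if f"{parts.scheme}://{parts.netloc}{parts.path}" != REDIRECT_URI:
        raise ValueError("callback does not match redirect_uri")
    codes = parse_qs(parts.query).get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one code parameter")
    return codes[0]  # parse_qs has already percent-decoded the value


def build_token_body(code, client_secret):
    """Return the x-www-form-urlencoded body for the token endpoint."""
    return urlencode({
        "client_id": CLIENT_ID,
        "client_secret": client_secret,  # load from secret storage, never hard-code
        "code": code,  # re-encoded here, so '+' or '/' in a code survives
        "redirect_uri": REDIRECT_URI,  # same value sent in the authorization step
        "grant_type": "authorization_code",
    }, quote_via=quote)
```
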

The Authorization endpoint will authenticate the user and return the user to our redirect_uri, with an authorization code in hand.

Request

GET https://e2e.api.manheim.com/oauth2/authorization.oauth2?response_type=code&adaptor=&client_id=cu3w4a59xayqrvmhfexrkx4y&scope=profile%20openid&redirect_uri=https%3A%2F%2Feventer-oauth-demo-a.awsmetnp.manheim.com%2Fcallback

Parameters

response_type
always code, when we're initiating the authorization code process.
adaptor
This points to the identity provider you intend to use. Currently, our options are manheim_customer for vicki, or cai_okta for employee login via Okta.
client_id
The client id of the application initiating the authcode login process.
scope
The list of scopes the application needs to do its job. Include profile openid email to access basic user information via the introspect endpoint and the identity token.
redirect_uri
The uri to which ping will send the user when she has successfully authenticated.

Remember to urlEncode your parameters!

The token endpoint exchanges an authorization code and your client's credentials for an access token and a refresh token.

Request

POST https://e2e.api.manheim.com/oauth2/token.oauth2
api_key: cu3w4a59xayqrvmhfexrkx4y

x-www-form-urlencoded body:

  • client_id=cu3w4a59xayqrvmhfexrkx4y
  • client_secret=••••••
  • code=
  • redirect_uri=https://eventer-oauth-demo-a.awsmetnp.manheim.com/callback
  • grant_type=authorization_code

Parameters

client_id
The client id of the application requesting a token.
client_secret
The client secret of the application requesting a token.
code
The code returned to the application's redirect_uri
redirect_uri
The same redirect_uri to which the user was redirected after the authorization step
grant_type
The method you wish to use to authenticate. In this case, we'll use authorization code, but we can also choose client_credentials or refresh_token.

Remember to urlEncode your parameters!

The introspect endpoint takes a token and a client's credentials, and returns information about the token and the user who requested it.

Request

POST https://e2e.api.manheim.com/oauth2/introspect.oauth2
api-key: cu3w4a59xayqrvmhfexrkx4y

x-www-form-urlencoded body:

  • client_id=cu3w4a59xayqrvmhfexrkx4y
  • client_secret=••••••
  • token=
  • token_type_hint=access_token

Parameters

client_id
The client id of the application requesting a token.
client_secret
The client secret of the application requesting a token.
token
The access token to be introspected
token_type_hint
Optional parameter. Ping assumes access_token, but we can also introspect a refresh_token.

Remember to urlEncode your parameters!

The token endpoint can also exchange a refresh token for a new access token and refresh token, without asking the user to enter her credentials a second time.

Request

POST https://e2e.api.manheim.com/oauth2/token.oauth2
api_key: cu3w4a59xayqrvmhfexrkx4y

x-www-form-urlencoded body:

  • client_id=cu3w4a59xayqrvmhfexrkx4y
  • client_secret=••••••
  • grant_type=refresh_token
  • refresh_token=

Parameters

client_id
The client id of the application requesting a token.
client_secret
The client secret of the application requesting a token.
refresh_token
The refresh_token returned to the application alongside the access_token
grant_type
The method you wish to use to authenticate. In this case, we'll use refresh_token, but we can also choose client_credentials or authorization_code.

Remember to urlEncode your parameters!

Single Logout

The startSLO endpoint terminates the user's Ping browser session, so the user cannot bypass the credentials screen during subsequent application logins.

This page also simultaneously calls a logout endpoint for each client (app) with which the user has logged in.

The application developer should have a single logout url configured in PingFederate. This endpoint should:

  • Terminate the user's session
  • Revoke the user's active token
  • Return a 1x1 blank white image

Request

GET https://e2e.api.manheim.com/auth/idp/startSLO.ping?TargetResource=https://eventer-oauth-demo-a.awsmetnp.manheim.com/slo&InErrorResource=https://eventer-oauth-demo-a.awsmetnp.manheim.com/slo

Parameters

TargetResource
Your TargetResource is your SLO callback. The user is redirected to this url upon successful completion of the SLO process.
InErrorResource
The user will be redirected to your InErrorResource in the event of an error in any SLO-registered application's slo endpoint.

Remember to urlEncode your parameters!

Revoke a token to disable it for future requests

Request

POST https://e2e.api.manheim.com/oauth2/revoke_token
api-key: cu3w4a59xayqrvmhfexrkx4y

x-www-form-urlencoded body:

  • client_id=cu3w4a59xayqrvmhfexrkx4y
  • client_secret=••••••
  • token=
  • token_type_hint=access_token

Parameters

client_id
The client id of the application requesting a token.
client_secret
The client secret of the application requesting a token.
token
The access token to be revoked
token_type_hint
Optional parameter. Ping assumes access_token, but we can also revoke a refresh_token.

Remember to urlEncode your parameters!