pingidentity · wesleymccollam · May 20, 2026 · Apr 23, 2026 · Apr 23, 2026 · May 6, 2026
@@ -0,0 +1,3 @@
+```release-note:bug
+Add missing PingOne Authentication Environment ID option to request command
+```
@@ -82,6 +82,7 @@ The command offers a cURL-like experience to interact with the Ping platform ser
 }
 
 func initPingOneRequestFlags(cmd *cobra.Command) {
+	cmd.Flags().AddFlag(options.PingOneAuthenticationAPIEnvironmentIDOption.Flag)
 	cmd.Flags().AddFlag(options.PingOneAuthenticationWorkerEnvironmentIDOption.Flag)
 	cmd.Flags().AddFlag(options.PingOneAuthenticationWorkerClientIDOption.Flag)
 	cmd.Flags().AddFlag(options.PingOneAuthenticationWorkerClientSecretOption.Flag)

@@ -8,12 +8,15 @@ import (
 	"io"
 	"os"
 	"regexp"
+	"strings"
 	"testing"
 
 	"github.com/pingidentity/pingcli/cmd/common"
+	auth_internal "github.com/pingidentity/pingcli/internal/commands/auth"
 	request_internal "github.com/pingidentity/pingcli/internal/commands/request"
 	"github.com/pingidentity/pingcli/internal/configuration/options"
 	"github.com/pingidentity/pingcli/internal/customtypes"
+	"github.com/pingidentity/pingcli/internal/profiles"
 	"github.com/pingidentity/pingcli/internal/testing/testutils_cobra"
 	"github.com/pingidentity/pingcli/internal/testing/testutils_koanf"
 	"github.com/stretchr/testify/assert"
@@ -108,6 +111,10 @@ func Test_RequestCommand_Validation(t *testing.T) {
 		t.Run(tc.name, func(t *testing.T) {
 			testutils_koanf.InitKoanfs(t)
 
+			if tc.name == "Happy Path - with header" && (os.Getenv("CI") != "" || os.Getenv("GITHUB_ACTIONS") != "") {
+				t.Skip("Skipping live request test in CI environment due to keychain warning")
+			}
+
 			err := testutils_cobra.ExecutePingcli(t, append([]string{"request"}, tc.args...)...)
 
 			if !tc.expectErr {
@@ -131,6 +138,7 @@ func Test_RequestCommand_Validation(t *testing.T) {
 // making a real API call and validating the JSON output.
 func Test_RequestCommand_E2E(t *testing.T) {
 	testutils_koanf.InitKoanfs(t)
+	t.Setenv(options.AuthStorageOption.EnvVar, customtypes.ENUM_STORAGE_TYPE_NONE)
 
 	originalStdout := os.Stdout
 	r, w, err := os.Pipe()
@@ -160,3 +168,32 @@ func Test_RequestCommand_E2E(t *testing.T) {
 	assert.NotEmpty(t, bodyJSON, "Response JSON body is empty")
 	assert.True(t, json.Valid(bodyJSON), "Output JSON is not valid")
 }
+
+func Test_RequestCommand_HelpIncludesPingOneEnvironmentFlag(t *testing.T) {
+	testutils_koanf.InitKoanfs(t)
+
+	output, err := testutils_cobra.ExecutePingcliCaptureCobraOutput(t, "request", "--help")
+	require.NoError(t, err)
+	assert.Contains(t, output, "--"+options.PingOneAuthenticationAPIEnvironmentIDOption.CobraParamName)
+}
+
+func Test_RequestCommand_ClientCredentialsEnvironmentErrorUsesSupportedConfigKey(t *testing.T) {
+	testutils_koanf.InitKoanfs(t)
+
+	t.Setenv(options.PingOneAuthenticationAPIEnvironmentIDOption.EnvVar, "")
+	t.Setenv(options.PingOneAuthenticationClientCredentialsClientIDOption.EnvVar, "00000000-0000-0000-0000-000000000001")
+	t.Setenv(options.PingOneAuthenticationClientCredentialsClientSecretOption.EnvVar, "test-secret")
+
+	koanfCfg, err := profiles.GetKoanfConfig()
+	require.NoError(t, err)
+	require.NoError(t, koanfCfg.KoanfInstance().Set("default."+options.PingOneAuthenticationAPIEnvironmentIDOption.KoanfKey, ""))
+
+	message := auth_internal.ErrClientCredentialsEnvironmentIDNotConfigured.Error()
+	assert.Contains(t, message, "service.pingOne.authentication.environmentID")
+	assert.NotContains(t, message, "service.pingone.authentication.clientCredentials.environmentID")
+
+	_, err = auth_internal.GetClientCredentialsConfiguration()
+	require.Error(t, err)
+	assert.ErrorContains(t, err, "service.pingOne.authentication.environmentID")
+	assert.False(t, strings.Contains(err.Error(), "service.pingone."))
+}
@@ -13,31 +13,31 @@ var (
 	ErrUnsupportedAuthMethod          = errors.New("unsupported grant type")
 	ErrTokenKeyGenerationRequirements = errors.New("environment ID and client ID are required for token key generation")
 	ErrGrantTypeNotSet                = errors.New("configuration does not have grant type set")
-	ErrRegionCodeRequired             = errors.New("region code is required and must be valid. Please run 'pingcli config set service.pingone.regionCode=<region>'")
-	ErrEnvironmentIDNotConfigured     = errors.New("environment ID is not configured. Please run 'pingcli config set service.pingone.authentication.environmentID=<your-env-id>'")
+	ErrRegionCodeRequired             = errors.New("region code is required and must be valid. Please run 'pingcli config set service.pingOne.regionCode=<region>'")
+	ErrEnvironmentIDNotConfigured     = errors.New("environment ID is not configured. Please run 'pingcli config set service.pingOne.authentication.environmentID=<your-env-id>'")
 	ErrTokenStorageDisabled           = errors.New("token storage is disabled")
 	ErrInvalidAuthMethod              = errors.New("invalid authentication method flag provided")
 
 	// Device code errors
-	ErrDeviceCodeClientIDNotConfigured      = errors.New("device code client ID is not configured. Please run 'pingcli config set service.pingone.authentication.deviceCode.clientID=<your-client-id>'")
-	ErrDeviceCodeEnvironmentIDNotConfigured = errors.New("device code environment ID is not configured. Please run 'pingcli config set service.pingone.authentication.deviceCode.environmentID=<your-env-id>'")
+	ErrDeviceCodeClientIDNotConfigured      = errors.New("device code client ID is not configured. Please run 'pingcli config set service.pingOne.authentication.deviceCode.clientID=<your-client-id>'")
+	ErrDeviceCodeEnvironmentIDNotConfigured = errors.New("device code environment ID is not configured. Please run 'pingcli config set service.pingOne.authentication.environmentID=<your-env-id>'")
 
 	// Auth code errors
-	ErrAuthorizationCodeClientIDNotConfigured        = errors.New("authorization code client ID is not configured. Please run 'pingcli config set service.pingone.authentication.authorizationCode.clientID=<your-client-id>'")
-	ErrAuthorizationCodeEnvironmentIDNotConfigured   = errors.New("authorization code environment ID is not configured. Please run 'pingcli config set service.pingone.authentication.authorizationCode.environmentID=<your-env-id>'")
-	ErrAuthorizationCodeRedirectURINotConfigured     = errors.New("authorization code redirect URI is not configured. Please run 'pingcli config set service.pingone.authentication.authorizationCode.redirectURI=<your-redirect-uri>'")
-	ErrAuthorizationCodeRedirectURIPathNotConfigured = errors.New("authorization code redirect URI path is not configured. Please run 'pingcli config set service.pingone.authentication.authorizationCode.redirectURIPath=<path>'")
-	ErrAuthorizationCodeRedirectURIPortNotConfigured = errors.New("authorization code redirect URI port is not configured. Please run 'pingcli config set service.pingone.authentication.authorizationCode.redirectURIPort=<port>'")
+	ErrAuthorizationCodeClientIDNotConfigured        = errors.New("authorization code client ID is not configured. Please run 'pingcli config set service.pingOne.authentication.authorizationCode.clientID=<your-client-id>'")
+	ErrAuthorizationCodeEnvironmentIDNotConfigured   = errors.New("authorization code environment ID is not configured. Please run 'pingcli config set service.pingOne.authentication.environmentID=<your-env-id>'")
+	ErrAuthorizationCodeRedirectURINotConfigured     = errors.New("authorization code redirect URI is not configured. Please run 'pingcli config set service.pingOne.authentication.authorizationCode.redirectURI=<your-redirect-uri>'")
+	ErrAuthorizationCodeRedirectURIPathNotConfigured = errors.New("authorization code redirect URI path is not configured. Please run 'pingcli config set service.pingOne.authentication.authorizationCode.redirectURIPath=<path>'")
+	ErrAuthorizationCodeRedirectURIPortNotConfigured = errors.New("authorization code redirect URI port is not configured. Please run 'pingcli config set service.pingOne.authentication.authorizationCode.redirectURIPort=<port>'")
 
 	// Client credentials errors
-	ErrClientCredentialsClientIDNotConfigured      = errors.New("client credentials client ID is not configured. Please run 'pingcli config set service.pingone.authentication.clientCredentials.clientID=<your-client-id>'")
-	ErrClientCredentialsClientSecretNotConfigured  = errors.New("client credentials client secret is not configured. Please run 'pingcli config set service.pingone.authentication.clientCredentials.clientSecret=<your-client-secret>'")
-	ErrClientCredentialsEnvironmentIDNotConfigured = errors.New("client credentials environment ID is not configured. Please run 'pingcli config set service.pingone.authentication.clientCredentials.environmentID=<your-env-id>'")
+	ErrClientCredentialsClientIDNotConfigured      = errors.New("client credentials client ID is not configured. Please run 'pingcli config set service.pingOne.authentication.clientCredentials.clientID=<your-client-id>'")
+	ErrClientCredentialsClientSecretNotConfigured  = errors.New("client credentials client secret is not configured. Please run 'pingcli config set service.pingOne.authentication.clientCredentials.clientSecret=<your-client-secret>'")
+	ErrClientCredentialsEnvironmentIDNotConfigured = errors.New("client credentials environment ID is not configured. Please run 'pingcli config set service.pingOne.authentication.environmentID=<your-env-id>'")
 
 	// Worker errors
-	ErrWorkerClientIDNotConfigured      = errors.New("worker client ID is not configured. Please run 'pingcli config set service.pingone.authentication.worker.clientID=<your-client-id>'")
-	ErrWorkerClientSecretNotConfigured  = errors.New("worker client secret is not configured. Please run 'pingcli config set service.pingone.authentication.worker.clientSecret=<your-client-secret>'")
-	ErrWorkerEnvironmentIDNotConfigured = errors.New("worker environment ID is not configured. Please run 'pingcli config set service.pingone.authentication.worker.environmentID=<your-env-id>'")
+	ErrWorkerClientIDNotConfigured      = errors.New("worker client ID is not configured. Please run 'pingcli config set service.pingOne.authentication.worker.clientID=<your-client-id>'")
+	ErrWorkerClientSecretNotConfigured  = errors.New("worker client secret is not configured. Please run 'pingcli config set service.pingOne.authentication.worker.clientSecret=<your-client-secret>'")
+	ErrWorkerEnvironmentIDNotConfigured = errors.New("worker environment ID is not configured. Please run 'pingcli config set service.pingOne.authentication.worker.environmentID=<your-env-id>'")
 
 	// PingFederate errors
 	ErrPingFederateContextNil  = errors.New("failed to initialize PingFederate services. context is nil")

@@ -57,5 +57,7 @@ func ExecutePingcliCaptureCobraOutput(t *testing.T, args ...string) (output stri
 	root.SetOut(&stdout)
 	root.SetErr(&stdout)
 
-	return stdout.String(), root.Execute()
+	err = root.Execute()
+
+	return stdout.String(), err
 }