--- title: Specifying auth journeys/flows using ACR values description: The Ping (ForgeRock) SDKs for Android, iOS, and JavaScript leverage the standards-based authorization code flow with PKCE. component: sdks version: latest page_id: sdks:oidc:sdkconfiguration/add-acr-values canonical_url: https://docs.pingidentity.com/sdks/latest/oidc/sdkconfiguration/add-acr-values.html revdate: Thu, 24 Apr 2025 14:44:20 +0100 keywords: ["OAuth 2.0", "OpenID Connect", "Setup & Configuration", "Source Code", "Integration", "SDK"] section_ids: adding_acr_parameters: Adding ACR parameters --- # Specifying auth journeys/flows using ACR values The Ping (ForgeRock) SDKs for Android, iOS, and JavaScript leverage the standards-based authorization code flow with PKCE. When using OIDC login the client app can request which journey or flow the authorization server uses by adding an Authentication Context Class Reference (ACR) parameter during the process. In the OpenID Connect specification the ACR parameter identifies a set of criteria that the user must satisfy when authenticating to the OpenID provider. For example, which authentication journey or DaVinci flow the user should complete. ## Adding ACR parameters Select your platform below to learn how to add an ACR parameter to your applications. * Android * iOS * JavaScript In the `FRUser.browser()` method, use the `setAdditionalParameters` function to add an `acr_values` parameter, and one or more ACR values: ```java FRUser.browser().appAuthConfigurer() .authorizationRequest(r → { Map additionalParameters = new HashMap<>(); additionalParameters.put("acr_values", "RegistrationJourney"); r.setAdditionalParameters(additionalParameters) }) .done() .login(this, new FRListener() { @Override public void onSuccess(FRUser result) { userinfo(); } @Override public void onException(Exception e) { System.out.println(e); } }); ``` Replace *RegistrationJourney* with the ACR key that your authorization server requires. * PingOne Enter a single DaVinci policy, by using its flow policy ID, or one or more PingOne policies by specifying the policy names, separated by spaces or the encoded space character `%20`. Examples: * DaVinci flow policy ID `"d1210a6b0b2665dbaa5b652221badba2"` * PingOne policy names `"Single_Factor%20Multi_Factor"` * PingOne Advanced Identity Cloud or PingAM Enter one or more of the ACR mapping keys as configured in the OAuth 2.0 provider service. To learn more, refer to [Configure acr claims](https://docs.pingidentity.com/pingoneaic/latest/am-oidc1/oidc-authentication-requirements.html#proc-configure-acr). | | | | - | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | You can list the available keys by inspecting the `acr_values_supported` property in the output of your OAuth 2.0 client's `/oauth2/.well-known/openid-configuration` endpoint. | In the `FRUser.browser()` method, use the `setCustomParam` function to add an `acr_values` key parameter, and one or more ACR values: ```swift func performCentralizedLogin() { FRUser.browser()? .set(presentingViewController: self) .set( browserType: .authSession) #.setCustomParam( key: "acr_values", value: "RegistrationJourney") .build().login { (user, error) in self.displayLog("User: \(String(describing: user)) || Error: \(String(describing: error))") } return } ``` Replace *RegistrationJourney* with the ACR key that your authorization server requires. * PingOne Enter a single DaVinci policy, by using its flow policy ID, or one or more PingOne policies by specifying the policy names, separated by spaces or the encoded space character `%20`. Examples: * DaVinci flow policy ID `"d1210a6b0b2665dbaa5b652221badba2"` * PingOne policy names `"Single_Factor%20Multi_Factor"` * PingOne Advanced Identity Cloud or PingAM Enter one or more of the ACR mapping keys as configured in the OAuth 2.0 provider service. To learn more, refer to [Configure acr claims](https://docs.pingidentity.com/pingoneaic/latest/am-oidc1/oidc-authentication-requirements.html#proc-configure-acr). | | | | - | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | You can list the available keys by inspecting the `acr_values_supported` property in the output of your OAuth 2.0 client's `/oauth2/.well-known/openid-configuration` endpoint. | In the `TokenManager.getTokens()` method, add an `acr_values` query parameter, and one or more ACR values: ```js await TokenManager.getTokens({ login: 'redirect', query: { acr_values: "RegistrationJourney" } }); ``` Replace *RegistrationJourney* with the ACR key that your authorization server requires. * PingOne Enter a single DaVinci policy, by using its flow policy ID, or one or more PingOne policies by specifying the policy names, separated by spaces or the encoded space character `%20`. Examples: * DaVinci flow policy ID `"d1210a6b0b2665dbaa5b652221badba2"` * PingOne policy names `"Single_Factor%20Multi_Factor"` * PingOne Advanced Identity Cloud or PingAM Enter one or more of the ACR mapping keys as configured in the OAuth 2.0 provider service. To learn more, refer to [Configure acr claims](https://docs.pingidentity.com/pingoneaic/latest/am-oidc1/oidc-authentication-requirements.html#proc-configure-acr). | | | | - | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | You can list the available keys by inspecting the `acr_values_supported` property in the output of your OAuth 2.0 client's `/oauth2/.well-known/openid-configuration` endpoint. |