--- title: Before you begin description: Prepare component: sdks version: latest page_id: sdks:oidc:tutorials/android/aic/00_before-you-begin canonical_url: https://docs.pingidentity.com/sdks/latest/oidc/tutorials/android/aic/00_before-you-begin.html revdate: Mon, 3 Jul 2023 18:00:37 +0100 keywords: ["OAuth 2.0", "OpenID Connect", "Tutorial", "Source Code", "Integration", "SDK", "Android"] section_ids: compatibility: Compatibility prerequisites: Prerequisites server_configuration: Server configuration --- # Before you begin * **Prepare** * [Download](01_downloading-samples-repo.html) * [Configure](02_configuring-connection-properties.html) * [Run](03_test-the-app.html) *** To successfully complete this tutorial refer to the prerequisites in this section. The tutorial also requires a configured PingOne Advanced Identity Cloud tenant. ## Compatibility * Android This sample requires at least Android API 23 (Android 6.0) * Java This sample requires at least Java 8 (v1.8). ## Prerequisites * Android Studio Download and install [Android Studio](https://developer.android.com/studio), which is available for many popular operating systems. * An Android emulator or physical device To try the quick start application as you develop it, you need an Android device. To add a virtual, emulated Android device to Android Studio, refer to [Create and manage virtual devices](https://developer.android.com/studio/run/managing-avds), on the **Android Developers** website. ## Server configuration This tutorial requires you to configure your PingOne Advanced Identity Cloud tenant as follows: > **Collapse: Task 1. Create a demo user** > > The samples and tutorials in this documentation often require that you have an identity set up so that you can test authentication. > > To create a demo user in PingOne Advanced Identity Cloud, follow these steps: > > 1. Log in to your PingOne Advanced Identity Cloud tenant. > > 2. In the left panel, click Identities > Manage. > > 3. Click [icon: plus, set=fa]New Alpha realm - User. > > 4. Enter the following details: > > * **Username** = `demo` > > * **First Name** = `Demo` > > * **Last Name** = `User` > > * **Email Address** = `demo.user@example.com` > > * **Password** = `Ch4ng3it!` > > 5. Click Save. > **Collapse: Task 2. Create an authentication journey** > > Authentication journeys provide fine-grained authentication by allowing multiple paths and decision points throughout the flow. Authentication journeys are made up of nodes that define actions taken during authentication. > > Each node performs a single task, such as collecting a username or making a simple decision. Nodes can have multiple outcomes rather than just success or failure. > > To create a simple journey for use when testing the Ping (ForgeRock) SDKs, follow these steps: > > 1. In your PingOne Advanced Identity Cloud tenant, navigate to Journeys, and click [icon: plus, set=fa]New Journey. > > 2. Enter a name, such as `sdkUsernamePasswordJourney` and click Save. > > The authentication journey designer appears. > > 3. Drag the following nodes into the designer area: > > * **Page Node** > > * **Platform Username** > > * **Platform Password** > > * **Data Store Decision** > > 4. Drag and drop the **Platform Username** and **Platform Password** nodes onto the **Page Node**, so that they both appear on the same page when logging in. > > 5. Connect the nodes as follows: > > ![sdk username password journey idcloud en](../../../../_images/sdk-username-password-journey-idcloud-en.png)Figure 1. Example username and password authentication journey > > 6. Click Save. > **Collapse: Task 3. Register a public OAuth 2.0 client** > > Public clients do not use a client secret to obtain tokens because they are unable to keep them hidden. The Ping (ForgeRock) SDKs commonly use this type of client to obtain tokens, as they cannot guarantee safekeeping of the client credentials in a browser or on a mobile device. > > To register a *public* OAuth 2.0 client application for use with the SDKs in PingOne Advanced Identity Cloud, follow these steps: > > 1. Log in to your PingOne Advanced Identity Cloud tenant. > > 2. In the left panel, click Applications. > > 3. Click [icon: plus, set=fa]Custom Application. > > 4. Select OIDC - OpenId Connect as the sign-in method, and then click Next. > > 5. Select Native / SPA as the application type, and then click Next. > > 6. In Name, enter a name for the application, such as `Public SDK Client`. > > 7. In Owners, select a user that is responsible for maintaining the application, and then click Next. > > | | | > | - | ---------------------------------------------------------------------------------- | > | | When trying out the SDKs, you could select the `demo` user you created previously. | > > 8. In Client ID, enter `sdkPublicClient`, and then click Create Application. > > PingOne Advanced Identity Cloud creates the application and displays the details screen. > > 9. On the Sign On tab: > > 1. In Sign-In URLs, enter the following values: > > `org.forgerock.demo://oauth2redirect` > > | | | > | - | ----------------------------------------------------------- | > | | Also add any other domains where you host SDK applications. | > > 2. In Grant Types, enter the following values: > > `Authorization Code` > > `Refresh Token` > > 3. In Scopes, enter the following values: > > `openid profile email address` > > 10. Click Show advanced settings, and on the Authentication tab: > > 1. In Token Endpoint Authentication Method, select `none`. > > 2. In Client Type, select `Public`. > > 3. Enable the Implied Consent property. > > 11. Click Save. > > The application is now configured to accept client connections from and issue OAuth 2.0 tokens to the example applications and tutorials covered by this documentation. > **Collapse: Task 4. Configure the OAuth 2.0 provider** > > The provider specifies the supported OAuth 2.0 configuration options for a realm. > > To ensure the PingOne Advanced Identity Cloud OAuth 2.0 provider service is configured for use with the Ping (ForgeRock) SDKs, follow these steps: > > 1. In your PingOne Advanced Identity Cloud tenant, navigate to Native Consoles > Access Management. > > 2. In the left panel, click [icon: plug, set=fa]Services. > > 3. In the list of services, click OAuth2 Provider. > > 4. On the Core tab, ensure Issue Refresh Tokens is enabled. > > 5. On the Consent tab, ensure Allow Clients to Skip Consent is enabled. > > 6. Click Save Changes.