--- title: Step 2. Configure connection properties description: Prepare component: sdks version: latest page_id: sdks:oidc:tutorials/android/pingone/02_configuring-sample-for-pingone canonical_url: https://docs.pingidentity.com/sdks/latest/oidc/tutorials/android/pingone/02_configuring-sample-for-pingone.html revdate: Thu, 24 Apr 2025 14:44:20 +0100 keywords: ["OAuth 2.0", "OpenID Connect", "Tutorial", "Source Code", "Integration", "SDK", "Android"] --- # Step 2. Configure connection properties * [Prepare](00_before-you-begin.html) * [Download](01_downloading-forgerocksdk.html) * **Configure** * [Run](03_running-sample-pingone.html) *** In this step, you configure the kotlin-central-login-oidc sample to connect to the OAuth 2.0 application you created in PingOne, using OIDC login. 1. In Android Studio, open the `sdk-sample-apps/android/kotlin-central-login-oidc` project you cloned in the previous step. 2. In the Project pane, switch to the Android view. ![android studio android view en](../../../../_images/android-studio-android-view-en.png)Figure 1. Switching the project pane to Android view. 3. In the Android view, navigate to **app > kotlin+java > com.example.app**, and open `Config.kt`. 4. Edit the default values provided in the `PingConfig` class with the values from your PingOne server: `PingConfig` class default values ```kotlin data class PingConfig( var discoveryEndpoint: String = "https://openam-sdks.forgeblocks.com/am/oauth2/realms/alpha/.well-known/openid-configuration", var oauthClientId: String = "AndroidTest", var oauthRedirectUri: String = "org.forgerock.demo:/oauth2redirect", var oauthSignOutRedirectUri: String = "", var cookieName: String = "5421aeddf91aa20", var oauthScope: String = "openid profile email address") ) ``` * *discoveryEndpoint* The `.well-known` endpoint from your OAuth 2.0 application in PingOne. > **Collapse: How do I find my PingOne .well-known URL?** > > To find the `.well-known` endpoint for an OAuth 2.0 client in PingOne: > > 1. Log in to your PingOne administration console. > > 2. Go to **Applications > Applications**, and then select your OAuth 2.0 client. > > For example, sdkPublicClient. > > 3. On the **Overview** tab, expand the **Connection Details** section, and then copy the **OIDC Discovery Endpoint** value. > > ![Locating the .well-known URL in a PingOne client profile.](../../../../_images/p1-client-well-known.png) For example, `https://auth.pingone.com/3072206d-c6ce-ch15-m0nd-f87e972c7cc3/as/.well-known/openid-configuration` * *oauthClientId* The client ID from your OAuth 2.0 application in PingOne. For example, `6c7eb89a-66e9-ab12-cd34-eeaf795650b2` * *oauthRedirectUri* The `redirect_uri` as configured in the OAuth 2.0 client profile. This value must exactly match a value configured in your OAuth 2.0 client. For example, `org.forgerock.demo://oauth2redirect` * *oauthSignOutRedirectUri* Leave this property empty. It signals that the SDK can use the ID token to end the user's session, and does not need to open and return from a web page to perform log out. | | | | - | -------------------------------------------------------------------------------------------------------------------------------------------------------- | | | You must have enabled the **Terminate User Session by ID Token** setting when creating the OAuth 2.0 client in PingOne if you leave this property empty. | * *cookieName* Set this property to an empty string. PingOne servers do not require this setting. * *oauthScope* The scopes you added to your OAuth 2.0 application in PingOne. For example, `openid profile email phone` The result resembles the following: `PingConfig` class example values ```kotlin data class PingConfig( var discoveryEndpoint: String = "https://auth.pingone.com/3072206d-c6ce-ch15-m0nd-f87e972c7cc3/as/.well-known/openid-configuration", var oauthClientId: String = "6c7eb89a-66e9-ab12-cd34-eeaf795650b2", var oauthRedirectUri: String = "org.forgerock.demo://oauth2redirect", var oauthSignOutRedirectUri: String = "", var cookieName: String = "", var oauthScope: String = "openid profile email phone" ) ``` 5. Optionally, specify which of the configured policies PingOne uses to authenticate users. In `/app/kotlin+java/com.example.app/centralize/CentralizeLoginViewModel`, in the `login(fragmentActivity: FragmentActivity)` function, add an `acr_values` parameter to the authorization request by using the `setAdditionalParameters()` method: ```kotlin fun login(fragmentActivity: FragmentActivity) { FRUser.browser().appAuthConfigurer() // Add acr values to the authorization request .authorizationRequest{ it.setAdditionalParameters( mapOf( "acr_values" to "" ) ) } .customTabsIntent { it.setColorScheme(CustomTabsIntent.COLOR_SCHEME_DARK) }.appAuthConfiguration { appAuthConfiguration → } .done() .login(fragmentActivity, object : FRListener { override fun onSuccess(result: FRUser) { state.update { it.copy(user = result, exception = null) } } override fun onException(e: Exception) { state.update { it.copy(user = null, exception = e) } } } ) } ``` Replace *\* with either a single DaVinci policy by using its flow policy ID, or one or more PingOne policies by specifying the policy names, separated by spaces or the encoded space character `%20`. Examples: * DaVinci flow policy ID `"acr_values" to "d1210a6b0b2665dbaa5b652221badba2"` * PingOne policy names `"acr_values" to "Single_Factor%20Multi_Factor"` For more information, refer to [Editing an application - OIDC](https://docs.pingidentity.com/pingone/applications/p1_edit_application_oidc.html). 6. Save your changes.