Ping SDKs

Before you begin

To successfully complete this tutorial refer to the prerequisites in this section.

The tutorial also requires a configured PingFederate server.

Prerequisites

Node and NPM

This sample requires a minimum Node.js version of 18, and is tested on versions 18 and 20. To get a supported version of Node.js, refer to the Node.js download page.

You will also need npm to build the code and run the samples.

Server configuration

This tutorial requires you to configure your PingFederate server as follows:

Task 1. Register a public OAuth 2.0 client

OAuth 2.0 client application profiles define how applications connect to PingFederate and obtain OAuth 2.0 tokens.

To allow the Ping SDKs to connect to PingFederate and obtain OAuth 2.0 tokens, you must register an OAuth 2.0 client application:

  1. Log in to the PingFederate administration console as an administrator.

  2. Navigate to Applications  OAuth  Clients.

  3. Click Add Client.

    PingFederate displays the Clients | Client page.

  4. In Client ID and Name, enter a name for the profile, for example sdkPublicClient

    Make a note of the Client ID value, you will need it when you configure the sample code.

  5. In Client Authentication, select None.

  6. In Redirect URIs, add the following values:

    https://localhost:8443

    Also add any other URLs where you host SDK applications.

    Failure to add redirect URLs that exactly match your client app’s values can cause PingFederate to display an error message such as Redirect URI mismatch when attempting to end a session by redirecting from the SDK.

  7. In Allowed Grant Types, select the following values:

    Authorization Code

    Refresh Token

  8. In the OpenID Connect section:

    1. In Logout Mode, select Ping Front-Channel

    2. In Front-Channel Logout URIs, add the following values:

      https://localhost:8443

      Also add any other URLs that redirect users to PingFederate to end their session.

      Failure to add sign off URLs that exactly match your client app’s values can cause PingFederate to display an error message such as invalid post logout redirect URI when attempting to end a session by redirecting from the SDK.

    3. In Post-Logout Redirect URIs, add the following values:

      https://localhost:8443

  9. Click Save.

    After changing PingFederate configuration using the administration console, you must replicate the changes to each server node in the cluster before they take effect.

    In the PingFederate administration console, navigate to System > Server > Cluster Management, and click Replicate.

    The application is now configured to accept client connections from and issue OAuth 2.0 tokens to the Ping SDK PingFederate example applications and tutorials covered by this documentation.

Task 2. Configure CORS

Cross-origin resource sharing (CORS) lets user agents make cross-domain server requests. In PingFederate, you can configure CORS to allow browsers or apps from trusted domains to access protected resources.

To configure CORS in PingFederate follow these steps:

  1. Log in to the PingFederate administration console as an administrator.

  2. Navigate to System  OAuth Settings  Authorization Server Settings.

  3. In the Cross-Origin Resource Sharing Settings section, in the Allowed Origin field, enter any DNS aliases you use for your SDK apps.

    This documentation assumes the following configuration:

    Property Values

    Allowed Origin

    https://localhost:8443

  4. Click Save.

    After changing PingFederate configuration using the administration console, you must replicate the changes to each server node in the cluster before they take effect.

    In the PingFederate administration console, navigate to System > Server > Cluster Management, and click Replicate.

    Your PingFederate server is now able to accept connections from origins hosting apps built with the Ping SDKs.