Configure the SDKs
You need to configure certain settings in the SDKs so they can connect to your ForgeRock server to authenticate your users and obtain tokens.
The method you use to configure these settings depends on which SDK you are using.
ForgeRock SDK for Android configuration
Configure SDK properties in your Android app by editing the strings.xml file, located in app/src/main/res/values.
Server properties
Property | Description |
---|---|
| | The base URL of the ForgeRock server to connect to, including port and deployment path. Identity Cloud example: Self-hosted example: |
| | The realm in which the OAuth 2.0 client profile and authentication journeys are configured. For example, Defaults to the self-hosted top-level realm |
| | A timeout, in seconds, for each request that communicates with your ForgeRock server. |
| | The name of the cookie that contains the session token. For example, with a self-hosted AM server this value might be |
Journey properties
Property | Description |
---|---|
| | The name of a user authentication tree configured in your ForgeRock server. For example, |
| | The name of a user registration tree configured in your ForgeRock server. For example, |
OAuth 2.0 properties
Property | Description |
---|---|
| | The For example, |
| | The For example, |
| | The URI to redirect users to after they sign out and revoke their OAuth 2.0 tokens. For example, |
| | A list of scopes to request when performing an OAuth 2.0 authorization flow, separated by spaces. For example, |
| | A threshold, in seconds, to refresh an OAuth 2.0 token before the Defaults to |
SSL pinning properties
Property | Description |
---|---|
| | An array of public key certificate hashes (strings) for trusted sites and services. |
| | An array of BuildStep objects to provide additional SSL pinning parameters to |
Custom endpoint properties
Property | Description |
---|---|
| | Override the default path to your ForgeRock server’s |
| | Override the default path to the AM’s |
| | Override the default path to your ForgeRock server’s |
| | Override the default path to your ForgeRock server’s |
| | Override the default path to your ForgeRock server’s |
| | Override the default path to your ForgeRock server’s |
SDK permissions
The ForgeRock Android SDK requires certain permissions depending on your use case.
Internet permissions (required)
Your Android app requires the following permission to access the Internet:
Permission name | Description |
---|---|
| | Lets applications open network sockets. |
Location permissions (optional)
Your Android app requires the following location permissions if your app needs to capture location information during device profiling:
Permission name | Description |
---|---|
| | Lets the app access precise location. |
| | Lets the app access approximate location. |
ForgeRock SDK for iOS Properties
Configure SDK properties in your iOS app by editing the FRAuthConfig.plist file.
Server properties
Property | Description |
---|---|
| | The base URL of the ForgeRock server to connect to, including port and deployment path. Identity Cloud example: Self-hosted example: |
| | The realm in which the OAuth 2.0 client profile and authentication journeys are configured. For example, Defaults to the self-hosted top-level realm |
| | A timeout, in seconds, for each request that communicates with your ForgeRock server. |
| | When Defaults to |
| | The name of the cookie that contains the session token. For example, with a self-hosted AM server this value might be |
Journey properties
Property | Description |
---|---|
| | The name of a user authentication tree configured in your ForgeRock server. For example, |
| | The name of a user registration tree configured in your ForgeRock server. For example, |
OAuth 2.0 properties
Property | Description |
---|---|
| | The For example, |
| | The [NOTE] This value must match a value configured in your OAuth 2.0 client, but is not actually used by the iOS application. For example, |
| | A list of scopes to request when performing an OAuth 2.0 authorization flow, separated by spaces. For example, |
| | A threshold, in seconds, to refresh an OAuth 2.0 token before the Defaults to |
SSL pinning properties
Property | Description |
---|---|
| | An array of public key certificate hashes (strings) for trusted sites and services. |
| | Keychain access group for the shared keychain. |
Custom endpoint properties
Property | Description |
---|---|
| | Override the default path to your ForgeRock server’s |
| | Override the default path to the AM’s |
| | Override the default path to your ForgeRock server’s |
| | Override the default path to your ForgeRock server’s |
| | Override the default path to your ForgeRock server’s |
| | Override the default path to your ForgeRock server’s |
ForgeRock SDK for JavaScript Properties
Configure SDK properties in your JavaScript app by editing a serverConfig object, a parameter of the forgerock.Config.set() function.
Property | Description |
---|---|
| | An interface for configuring how the SDK contacts the AM instance. Contains |
| | The base URL of the ForgeRock server to connect to, including port and deployment path. Identity Cloud example: Self-hosted example: |
| | A URL to the server’s Use the Example: Self-hosted example: |
| | A timeout, in milliseconds, for each request that communicates with your ForgeRock server. For example, for 30 seconds specify Defaults to |
| | The realm in which the OAuth 2.0 client profile and authentication journeys are configured. For example, Defaults to the self-hosted top-level realm |
| | The name of the user authentication tree configured in your ForgeRock server. For example, |
| | The |
| | The For example, |
| | A list of scopes to request when performing an OAuth 2.0 authorization flow, separated by spaces. For example, |
| | A threshold, in seconds, to refresh an OAuth 2.0 token before the Defaults to |
| | Specify whether the SDK should output its log messages in the console and the level of messages to display. One of: |
| | Specify a function to override the default logging behavior. Refer to Customize the JavaScript SDK logger. |
| | The API to use for storing tokens on the client: |
| | Override the default For example, the key used for storing tokens consists of the |
| | Specify whether to include an The server can use the value of this header to alter the logic of an authentication flow. For example, if the value indicates a JavaScript web app, the journey could avoid device binding nodes, as they are only supported by Android and iOS apps. Defaults to |
Custom endpoint properties
You can override the default paths for a number of endpoints by adding a serverConfig {paths} structure.
You can use a server’s Enter the well-known URL in the
|
Property | Description |
---|---|
authenticate | Override the default |
authorize | Override the default |
accessToken | Override the default |
revoke | Override the default |
userInfo | Override the default |
sessions | Override the default |
endSession | Override the default |
Example:
```javascript
forgerock.Config.set({
  serverConfig: {
    baseUrl: 'https://openam-forgerock-sdks.forgeblocks.com/am',
    // Only the endpoints listed here are overridden; the rest keep their defaults
    paths: {
      authenticate: 'iam/endpoints/authN',
      authorize: 'iam/endpoints/authZ'
    },
    // Milliseconds (30 seconds)
    timeout: 30000,
  },
  realmPath: 'alpha',
  tree: 'sdkUsernamePasswordJourney'
});
```
Any endpoint paths that you do not override use the pre-configured defaults.
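A pre-flight check for the JavaScript settings described above, as an added example that is not ForgeRock's code: lintConfig is a hypothetical helper that flags a non-HTTPS baseUrl, a timeout that looks like seconds rather than milliseconds, and paths entries whose key is not in the endpoint table or whose value is an absolute URL. The under-1000 threshold and the relative-path rule are assumptions of this example, not SDK behavior.

```javascript
// Added example: lint a config object before passing it to forgerock.Config.set().
// lintConfig and its rules are hypothetical helpers, not part of the ForgeRock SDK.
const KNOWN_PATHS = ['authenticate', 'authorize', 'accessToken', 'revoke',
  'userInfo', 'sessions', 'endSession']; // keys from the endpoint table above

function lintConfig(config) {
  const findings = [];
  const server = (config && config.serverConfig) || {};

  // Tokens and session cookies go to baseUrl, so require a parseable HTTPS URL.
  let base = null;
  try { base = new URL(server.baseUrl); } catch (e) { /* reported below */ }
  if (!base) findings.push('baseUrl: missing or not a valid URL');
  else if (base.protocol !== 'https:') findings.push('baseUrl: must use https');

  // The JavaScript SDK takes milliseconds; the Android and iOS SDKs take seconds.
  // Assumption: a value under 1000 is a seconds value copied from a mobile config.
  if (server.timeout !== undefined) {
    if (!Number.isInteger(server.timeout) || server.timeout <= 0) {
      findings.push('timeout: must be a positive integer (milliseconds)');
    } else if (server.timeout < 1000) {
      findings.push('timeout: ' + server.timeout + ' ms looks like a value in seconds');
    }
  }

  for (const [key, value] of Object.entries(server.paths || {})) {
    if (!KNOWN_PATHS.includes(key)) {
      findings.push('paths.' + key + ': not a documented endpoint key');
    } else if (typeof value !== 'string' || value === '') {
      findings.push('paths.' + key + ': must be a non-empty string');
    } else if (/^[a-z][a-z0-9+.-]*:|^\/\//i.test(value)) {
      // Policy of this example: overrides stay relative to baseUrl.
      findings.push('paths.' + key + ': must be a relative path, not a URL');
    }
  }
  return findings;
}

// Constructed sample: the page's example with three deliberate mistakes.
const sample = {
  serverConfig: {
    baseUrl: 'http://openam-forgerock-sdks.forgeblocks.com/am',
    paths: { authenticate: 'iam/endpoints/authN', authorise: 'iam/endpoints/authZ' },
    timeout: 30,
  },
  realmPath: 'alpha',
  tree: 'sdkUsernamePasswordJourney',
};
console.log(lintConfig(sample));
```

Run the check in a build or startup step and refuse to call forgerock.Config.set() while the returned list is non-empty.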