Configure Ping SDK for Android properties
To configure the Ping SDK for Android, use the FROptionsBuilder
methods to build an FROptions
object, and pass the object to the FRAuth.start()
method.
Properties
The following properties are available for configuring the Ping SDK for Android:
Server
FROptionsBuilder
attribute-
server
Property name | Description | Required | ||
---|---|---|---|---|
|
The base URL of the PingAM instance to connect to, including port and deployment path. Identity Cloud example:
Self-hosted example:
|
|||
|
The realm in which the OAuth 2.0 client profile and authentication journeys are configured. For example, Defaults to the self-hosted top-level realm |
|||
|
A timeout, in seconds, for each request that communicates with PingAM. Default: |
|
||
|
The name of the cookie that contains the session token. For example, with a self-hosted PingAM server this value might be
Default: |
|||
|
Time, in seconds, to cache the session token cookie in memory. Default: |
|
Journeys
FROptionsBuilder
attribute-
service
Property name | Description | Required |
---|---|---|
|
The name of a user authentication tree configured in your server. For example, |
|
|
The name of a user registration tree configured in your server. For example, |
|
OAuth 2.0
FROptionsBuilder
attribute-
oauth
Property name | Description | Required | ||
---|---|---|---|---|
|
The For example, |
|||
|
The
For example, |
|||
|
The URI to redirect to after signing the user out of the authorization server. For example, |
|||
|
A list of scopes to request when performing an OAuth 2.0 authorization flow, separated by spaces. For example, |
|||
|
A threshold, in seconds, to refresh an OAuth 2.0 token before the |
|
||
|
Time, in seconds, to cache an OAuth 2.0 token in memory (defaults to |
|
Storage
FROptionsBuilder
attribute-
store
Property name | Description | Required |
---|---|---|
|
A custom class for the storage of OpenID Connect-related items, such as access tokens. |
|
|
A custom class for the storage of single sign-on-related items, such as SSO tokens. |
|
|
A custom class for the storage of cookies. |
|
SSL pinning
FROptionsBuilder
attribute-
sslPinning
Property name | Description | Required |
---|---|---|
|
An array of public key certificate hashes (strings) for trusted sites and services. |
|
|
An array of |
|
Endpoints
FROptionsBuilder
attribute-
urlPath
Property name | Description | Required |
---|---|---|
|
Override the path to the authorization server’s Default: |
|
|
Override the path to the authorization server’s Default: |
|
|
Override the path to the authorization server’s Default: |
|
|
Override the path to the authorization server’s Default: |
|
|
Override the path to the authorization server’s Default: |
|
|
Override the path to the authorization server’s |
|
Session and token lifecycle
The SDK revokes and removes persisted tokens if you programmatically change any of the following properties:
|
Examples
The following examples show how to configure the Ping SDK in your Android applications:
-
Android - Java
-
Android - Kotlin
FROptions options = FROptionsBuilder.build(frOptionsBuilder -> {
frOptionsBuilder.server(serverBuilder -> {
serverBuilder.setUrl("https://tenant.forgeblocks.com/am");
serverBuilder.setRealm("alpha");
serverBuilder.setCookieName("46b42b4229cd7a3");
return null;
});
frOptionsBuilder.oauth(oAuthBuilder -> {
oAuthBuilder.setOauthClientId("androidClient");
oAuthBuilder.setOauthRedirectUri("https://localhost:8443/callback");
oAuthBuilder.setOauthScope("openid profile email address");
return null;
});
frOptionsBuilder.service(serviceBuilder -> {
serviceBuilder.setAuthServiceName("Login");
serviceBuilder.setRegistrationServiceName("Registration");
return null;
});
return null;
});
FRAuth.start(this, options);
val options = FROptionsBuilder.build {
server {
url = "https://openam-forgerock-sdks.forgeblocks.com/am"
realm = "alpha"
cookieName = "iPlanetDirectoryPro"
}
oauth {
oauthClientId = "sdkPublicClient"
oauthRedirectUri = "https://localhost:8443/callback"
oauthScope = "openid profile email address"
}
service {
authServiceName = "Login"
registrationServiceName = "Registration"
}
}
FRAuth.start(this, options);
When the application calls FRAuth.start()
, the FRAuth
class checks for the presence of an FROptions
object.
If the object is not present, static initialization from strings.xml
happens.
If the object is present, the FRAuth
class uses the options object
and calls the same internal initialization method.
The app can call FRAuth.start()
multiple times in its lifecycle:
-
When the app calls
FRAuth.start()
for the first time in its lifecycle, the SDK checks for the presence of session and access tokens in the local storage. If an existing session is present, initialization does not log the user out. -
If the app calls
FRAuth.start()
again, the SDK checks whether session managers and token managers are initialized, and cleans the existing session and token storage. This ensures that changes to the app configuration remove and revoke existing sessions and tokens.
Using the .well-known endpoint
You can configure the SDKs to obtain many required settings from your authorization server’s .well-known
OpenID Connect endpoint.
Settings gathered from the endpoint include the paths to use for OAuth 2.0 authorization requests, and login endpoints.
Use the FROptions.discover
method to use the .well-known
endpoint to configure OAuth 2.0 paths:
val options =
options.discover("https://openam-forgerock-sdks.forgeblocks.com/am/oauth2/realms/root/realms/alpha/.well-known/openid-configuration")
FRAuth.start(context, options)