ForgeRock Developer Experience

Step 2. Configure the sample app

In this step, you configure the "app" sample to connect to the OAuth 2.0 application you created in PingOne, using the centralized login method.

  1. In Android Studio, open the forgerock-android-sdk folder you cloned in the previous step.

  2. In the Project pane, switch to the Android view.

  3. In the Android view, navigate to app > kotlin+java > com.example.app > env, and open EnvViewModel.

    This file contains the server environments the sample app can use. Each specifies the properties using the FROptionsBuilder.build method.

  4. Add the following after any existing environments, with a suitable name. For example, you could use the name of the OAuth 2.0 client, sdkNativeClient:

    val sdkNativeClient = FROptionsBuilder.build {
        server {
            url = "<PingOne Issuer URL>"
        }
        oauth {
            oauthClientId = "<PingOne Client ID>"
            oauthRedirectUri = "org.forgerock.demo://oauth2redirect"
            oauthSignOutRedirectUri = "org.forgerock.demo://oauth2redirect"
            oauthScope = "openid profile email address revoke"
        }
    }

    Replace the following strings with the values you obtained when you registered an OAuth 2.0 application for native mobile apps in PingOne.

    <PingOne Client ID>

    The client ID from your OAuth 2.0 native mobile application in PingOne.

    For example, 6c7eb89a-66e9-46df-9ee2-eeaf795650b2

    <PingOne Issuer URL>

    The Issuer endpoint from your OAuth 2.0 application in PingOne.

    For example, https://auth.pingone.com/3072206d-c6ce-4c19-a366-f87e972c7cc3/as

    The issuer URL is the same as the OIDC Discovery Endpoint, after removing /.well-known/openid-configuration.

    The result resembles the following:

    val sdkNativeClient = FROptionsBuilder.build {
        server {
            url = "https://auth.pingone.com/3072206d-c6ce-4c19-a366-f87e972c7cc3/as"
        }
        oauth {
            oauthClientId = "6c7eb89a-66e9-46df-9ee2-eeaf795650b2"
            oauthRedirectUri = "org.forgerock.demo://oauth2redirect"
            oauthSignOutRedirectUri = "org.forgerock.demo://oauth2redirect"
            oauthScope = "openid profile email address revoke"
        }
    }
  5. In the init object, add your configuration to the list of servers available to the app:

    The result resembles the following:

    init {
        servers.add(localhost)
        // ...
        servers.add(sdkNativeClient)
    }
  6. Optionally, specify which of the configured policies PingOne uses to authenticate users.

    In /app/kotlin+java/com.example.app/centralize/CentralizeLoginViewModel, in the login(fragmentActivity: FragmentActivity) function, add an acr_values parameter to the authorization request by using the setAdditionalParameters() method:

    fun login(fragmentActivity: FragmentActivity) {
      FRUser.browser().appAuthConfigurer()
        // Add acr values to the authorization request
        .authorizationRequest{
          it.setAdditionalParameters(
            mapOf(
              "acr_values" to "<Policy IDs>"
            )
          )
        }
        .customTabsIntent {
          it.setColorScheme(CustomTabsIntent.COLOR_SCHEME_DARK)
        }.appAuthConfiguration { appAuthConfiguration → }
        .done()
        .login(fragmentActivity,
            object : FRListener<FRUser> {
                override fun onSuccess(result: FRUser) {
                  state.update {
                      it.copy(user = result, exception = null)
                  }
                }
    
                override fun onException(e: Exception) {
                    state.update {
                        it.copy(user = null, exception = e)
                    }
                }
            }
        )
    }

    Replace <Policy IDs> with either a single DaVinci policy, by using its flow policy ID, or one or more PingOne policies by specifying the policy names, separated by spaces or the encoded space character %20.

    Examples:

    DaVinci flow policy ID

    "acr_values" to "d1210a6b0b2665dbaa5b652221badba2"

    PingOne policy names

    "acr_values" to "Single_Factor%20Multi_Factor"

    For more information, refer to Editing an application - OIDC.

With the sample configured, you can proceed to Step 3. Run the sample app and perform centralized login.