Step 2. Configure the sample app
In this step, you configure the "app" sample to connect to the OAuth 2.0 application you created in PingOne, using the centralized login method.
- In Android Studio, open the forgerock-android-sdk folder you cloned in the previous step.
- In the Project pane, switch to the Android view.
- In the Android view, navigate to app > kotlin+java > com.example.app > env, and open EnvViewModel.
  This file contains the server environments the sample app can use. Each specifies the properties using the FROptionsBuilder.build method.
- Add the following after any existing environments, with a suitable name. For example, you could use the name of the OAuth 2.0 client, sdkNativeClient:

      val sdkNativeClient = FROptionsBuilder.build {
          server {
              // Issuer endpoint of the PingOne OAuth 2.0 application
              url = "<PingOne Issuer URL>"
          }
          oauth {
              oauthClientId = "<PingOne Client ID>"
              oauthRedirectUri = "org.forgerock.demo://oauth2redirect"
              oauthSignOutRedirectUri = "org.forgerock.demo://oauth2redirect"
              oauthScope = "openid profile email address revoke"
          }
      }

  Replace the following strings with the values you obtained when you registered an OAuth 2.0 application for native mobile apps in PingOne.

  - <PingOne Client ID>
    The client ID from your OAuth 2.0 native mobile application in PingOne.
    For example, 6c7eb89a-66e9-46df-9ee2-eeaf795650b2
  - <PingOne Issuer URL>
    The Issuer endpoint from your OAuth 2.0 application in PingOne.
    For example, https://auth.pingone.com/3072206d-c6ce-4c19-a366-f87e972c7cc3/as
    The issuer URL is the same as the OIDC Discovery Endpoint, after removing /.well-known/openid-configuration.

  The result resembles the following:

      val sdkNativeClient = FROptionsBuilder.build {
          server {
              url = "https://auth.pingone.com/3072206d-c6ce-4c19-a366-f87e972c7cc3/as"
          }
          oauth {
              oauthClientId = "6c7eb89a-66e9-46df-9ee2-eeaf795650b2"
              oauthRedirectUri = "org.forgerock.demo://oauth2redirect"
              oauthSignOutRedirectUri = "org.forgerock.demo://oauth2redirect"
              oauthScope = "openid profile email address revoke"
          }
      }
- In the init block, add your configuration to the list of servers available to the app. The result resembles the following:

      init {
          servers.add(localhost)
          // ...
          servers.add(sdkNativeClient)
      }
- Optionally, specify which of the configured policies PingOne uses to authenticate users.
  In /app/kotlin+java/com.example.app/centralize/CentralizeLoginViewModel, in the login(fragmentActivity: FragmentActivity) function, add an acr_values parameter to the authorization request by using the setAdditionalParameters() method:

      fun login(fragmentActivity: FragmentActivity) {
          FRUser.browser().appAuthConfigurer()
              // Add acr values to the authorization request
              .authorizationRequest {
                  it.setAdditionalParameters(
                      mapOf(
                          "acr_values" to "<Policy IDs>"
                      )
                  )
              }
              .customTabsIntent {
                  it.setColorScheme(CustomTabsIntent.COLOR_SCHEME_DARK)
              }.appAuthConfiguration { appAuthConfiguration -> }
              .done()
              .login(fragmentActivity, object : FRListener<FRUser> {
                  // Store the authenticated user and clear any earlier error
                  override fun onSuccess(result: FRUser) {
                      state.update { it.copy(user = result, exception = null) }
                  }

                  // Clear the user and surface the error to the UI state
                  override fun onException(e: Exception) {
                      state.update { it.copy(user = null, exception = e) }
                  }
              })
      }

  Replace <Policy IDs> with either a single DaVinci policy, by using its flow policy ID, or one or more PingOne policies by specifying the policy names, separated by spaces or the encoded space character %20.

  Examples:

  - DaVinci flow policy ID

        "acr_values" to "d1210a6b0b2665dbaa5b652221badba2"

  - PingOne policy names

        "acr_values" to "Single_Factor%20Multi_Factor"

  For more information, refer to Editing an application - OIDC.
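Before running the app, it can help to sanity-check the values you pasted in. The following is an added example, not part of the sample app or the ForgeRock SDK: the helper names (issuerFromDiscovery, acrValues, checkConfig) are hypothetical, and the inputs are the example values shown on this page. It derives the issuer from the OIDC Discovery Endpoint, flags leftover placeholders and non-HTTPS issuers, and builds a space-separated acr_values string.

```kotlin
import java.net.URI

// Added example. Helper names are hypothetical and not part of the ForgeRock SDK.
const val DISCOVERY_SUFFIX = "/.well-known/openid-configuration"

// Derive the issuer URL from the OIDC Discovery Endpoint, as described in this step.
fun issuerFromDiscovery(discoveryUrl: String): String =
    discoveryUrl.trim().removeSuffix(DISCOVERY_SUFFIX)

// Build the acr_values string from PingOne policy names, separated by spaces.
fun acrValues(policyNames: List<String>): String {
    require(policyNames.isNotEmpty()) { "at least one policy name is required" }
    require(policyNames.none { name -> name.isEmpty() || name.any { it.isWhitespace() } }) {
        "policy names must be non-empty and contain no whitespace (it is the separator)"
    }
    return policyNames.joinToString(" ")
}

// Return the problems found in the configured values; an empty list means none were found.
fun checkConfig(issuerUrl: String, clientId: String, redirectUri: String): List<String> {
    val problems = mutableListOf<String>()
    if (listOf(issuerUrl, clientId, redirectUri).any { it.isBlank() || '<' in it || '>' in it })
        problems += "a value is empty or still contains a <placeholder>"
    val issuer = runCatching { URI(issuerUrl) }.getOrNull()
    if (issuer?.scheme != "https" || issuer?.host.isNullOrEmpty())
        problems += "issuer URL must be an absolute https:// URL"
    if (issuerUrl.endsWith(DISCOVERY_SUFFIX))
        problems += "issuer URL still ends with $DISCOVERY_SUFFIX"
    if (runCatching { URI(redirectUri) }.getOrNull()?.scheme == null)
        problems += "redirect URI is not an absolute URI"
    return problems
}

fun main() {
    // Example values shown on this page; the discovery URL is the issuer plus the suffix.
    val discovery = "https://auth.pingone.com/3072206d-c6ce-4c19-a366-f87e972c7cc3/as$DISCOVERY_SUFFIX"
    val clientId = "6c7eb89a-66e9-46df-9ee2-eeaf795650b2"
    val redirect = "org.forgerock.demo://oauth2redirect"

    println(issuerFromDiscovery(discovery))
    println(checkConfig(issuerFromDiscovery(discovery), clientId, redirect))
    // Misconfigured on purpose: discovery URL used as issuer, placeholder left in place.
    println(checkConfig(discovery, "<PingOne Client ID>", redirect))
    println(acrValues(listOf("Single_Factor", "Multi_Factor")))
}
```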
With the sample configured, you can proceed to Step 3. Run the sample app and perform centralized login.