ForgeRock Developer Experience

Step 2. Configure the sample app

In this step, you configure the "FRExample" app to connect to the OAuth 2.0 application you created in PingOne, using the centralized login method.

  1. In Xcode, on the File menu, click Open.

  2. Navigate to the forgerock-ios-sdk folder you cloned in the previous step, navigate to SampleApps > FrExample > FRExample.xcodeproj, and then click Open.

  3. In the Project Navigator pane, navigate to FRExample > FRExample, and open the ViewController file.

  4. In the ViewController file:

    1. Change the useDiscoveryURL variable to true:

      let useDiscoveryURL = true

      Changing the variable causes the sample to use the discover method to get many of the required configuration values from your PingOne OIDC .well-known endpoint.

    2. Replace CLIENT_ID_PLACEHOLDER with the ID of the OAuth 2.0 client application you created previously in PingOne:

      let config =
          ["forgerock_oauth_client_id": "6c7eb89a-66e9-46df-9ee2-eeaf795650b2",
           "forgerock_oauth_redirect_uri": "org.forgerock.demo://oauth2redirect",
           "forgerock_oauth_scope": "openid profile email address revoke",
           "forgerock_ssl_pinning_public_key_hashes": ["SSL_PINNING_HASH_PLACEHOLDER"]]

    3. Remove or comment out the forgerock_ssl_pinning_public_key_hashes line.

      For information on SSL pinning, refer to Enable SSL pinning.

    4. Replace DISCOVERY_URL_PLACEHOLDER with the .well-known endpoint from your OAuth 2.0 native mobile application in PingOne.

      For example:

      let discoveryURL = "https://auth.pingone.com/3072206d-c6ce-4c19-a366-f87e972c7cc3/as/.well-known/openid-configuration"

    5. Optionally, specify which of the configured policies PingOne uses to authenticate users.

      In the performCentralizedLogin function, add an acr_values parameter to the authorization request by using the setCustomParam() method:

      func performCentralizedLogin() {
          FRUser.browser()?
              .set(presentingViewController: self)
              .set(browserType: .authSession)
              // Add acr values to the authorization request
              .setCustomParam(key: "acr_values", value: "<Policy IDs>")
              .build().login { (user, error) in
                  self.displayLog("User: \(String(describing: user)) || Error: \(String(describing: error))")
          }
          return
      }

      Replace <Policy IDs> with either a single DaVinci policy, by using its flow policy ID, or one or more PingOne policies by specifying the policy names, separated by spaces or the encoded space character %20.

      Examples:

      DaVinci flow policy ID

      .setCustomParam(key: "acr_values", value: "d1210a6b0b2665dbaa5b652221badba2")

      PingOne policy names

      .setCustomParam(key: "acr_values", value: "Single_Factor%20Multi_Factor")

    For more information, refer to Editing an application - OIDC.
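
Because the sample takes its endpoints from the discovery document, whatever the .well-known URL returns becomes trusted configuration. The following is an added example, not code from the sample app or the ForgeRock SDK: the hypothetical helper validateDiscovery checks that the document's issuer matches the discovery URL, as OpenID Connect Discovery 1.0 requires, and that the endpoints use HTTPS. The JSON bodies and endpoint paths are constructed for illustration.

```swift
import Foundation

// Fields of the OIDC discovery document that this check inspects.
struct DiscoveryDocument: Decodable {
    let issuer: String
    let authorization_endpoint: String
    let token_endpoint: String
    let jwks_uri: String
}

enum DiscoveryError: Error {
    case badDiscoveryURL
    case issuerMismatch(expected: String, got: String)
    case insecureEndpoint(String)
}

let wellKnownSuffix = "/.well-known/openid-configuration"

// Hypothetical helper (an assumption of this example, not an SDK API).
func validateDiscovery(discoveryURL: String, json: Data) throws -> DiscoveryDocument {
    guard discoveryURL.hasPrefix("https://"), discoveryURL.hasSuffix(wellKnownSuffix) else {
        throw DiscoveryError.badDiscoveryURL
    }
    let expectedIssuer = String(discoveryURL.dropLast(wellKnownSuffix.count))
    let doc = try JSONDecoder().decode(DiscoveryDocument.self, from: json)
    // OpenID Connect Discovery 1.0, section 4.3: issuer must match exactly.
    guard doc.issuer == expectedIssuer else {
        throw DiscoveryError.issuerMismatch(expected: expectedIssuer, got: doc.issuer)
    }
    for endpoint in [doc.authorization_endpoint, doc.token_endpoint, doc.jwks_uri] {
        guard let url = URL(string: endpoint), url.scheme == "https", url.host != nil else {
            throw DiscoveryError.insecureEndpoint(endpoint)
        }
    }
    return doc
}

// Constructed sample input; the endpoint paths under `base` are illustrative only.
let discoveryURL = "https://auth.pingone.com/3072206d-c6ce-4c19-a366-f87e972c7cc3/as/.well-known/openid-configuration"
let base = "https://auth.pingone.com/3072206d-c6ce-4c19-a366-f87e972c7cc3/as"
func sampleBody(issuer: String) -> Data {
    let fields = ["issuer": issuer, "authorization_endpoint": base + "/authorize",
                  "token_endpoint": base + "/token", "jwks_uri": base + "/jwks"]
    return try! JSONSerialization.data(withJSONObject: fields)
}
for issuer in [base, "https://idp.example.test"] {
    do { print("accepted:", try validateDiscovery(discoveryURL: discoveryURL, json: sampleBody(issuer: issuer)).issuer) }
    catch { print("rejected:", error) }
}
```
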

With the sample configured, you can proceed to Step 3. Run the sample app and perform centralized login.