Step 2. Configure the sample app
In this step, you configure the "FRExample" app to connect to the OAuth 2.0 application you created in PingOne, using the centralized login method.
- In Xcode, on the File menu, click Open.
- Navigate to the forgerock-ios-sdk folder you cloned in the previous step, navigate to SampleApps > FrExample > FRExample.xcodeproj, and then click Open.
- In the Project Navigator pane, navigate to FRExample > FRExample, and open the ViewController file.
- In the ViewController file:
  - Change the useDiscoveryURL variable to true:

        let useDiscoveryURL = true

    Changing the variable causes the sample to use the discover method to get many of the required configuration values from your PingOne OIDC .well-known endpoint.
  - Replace CLIENT_ID_PLACEHOLDER with the ID of the OAuth 2.0 client application you created previously in PingOne:

        let config = ["forgerock_oauth_client_id": "6c7eb89a-66e9-46df-9ee2-eeaf795650b2",
                      "forgerock_oauth_redirect_uri": "org.forgerock.demo://oauth2redirect",
                      "forgerock_oauth_scope" : "openid profile email address revoke",
                      "forgerock_ssl_pinning_public_key_hashes": ["SSL_PINNING_HASH_PLACEHOLDER"]]

  - Remove or comment out the forgerock_ssl_pinning_public_key_hashes line.
    For information on SSL pinning, refer to Enable SSL pinning.
  - Replace DISCOVERY_URL_PLACEHOLDER with the .well-known endpoint from your OAuth 2.0 native mobile application in PingOne.
    For example:

        let discoveryURL = "https://auth.pingone.com/3072206d-c6ce-4c19-a366-f87e972c7cc3/as/.well-known/openid-configuration"

- Optionally, specify which of the configured policies PingOne uses to authenticate users.
  In the performCentralizedLogin function, add an acr_values parameter to the authorization request by using the setCustomParam() method:

      func performCentralizedLogin() {
          FRUser.browser()?
              .set(presentingViewController: self)
              .set(browserType: .authSession)
              // Add acr values to the authorization request
              .setCustomParam(key: "acr_values", value: "<Policy IDs>")
              .build().login { (user, error) in
                  self.displayLog("User: \(String(describing: user)) || Error: \(String(describing: error))")
              }
          return
      }

  Replace <Policy IDs> with either a single DaVinci policy, by using its flow policy ID, or one or more PingOne policies by specifying the policy names, separated by spaces or the encoded space character %20.

  Examples:
  - DaVinci flow policy ID

        .setCustomParam(key: "acr_values", value: "d1210a6b0b2665dbaa5b652221badba2")

  - PingOne policy names

        .setCustomParam(key: "acr_values", value: "Single_Factor%20Multi_Factor")

  For more information, refer to Editing an application - OIDC.
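Because the discover method takes its endpoints from the .well-known document, it is worth checking that document before relying on a discovery URL. The following Swift code is an added example, not part of the sample app or the SDK: validateDiscovery is a hypothetical helper, and the ENV_ID placeholder and embedded JSON are constructed sample input. It enforces HTTPS and the OIDC Discovery rule that the issuer must be identical to the URL prefix before /.well-known/openid-configuration.

```swift
import Foundation

// Subset of the OpenID Provider metadata that this check inspects.
struct DiscoveryDocument: Decodable {
    let issuer: String
    let authorization_endpoint: String
    let token_endpoint: String
    let jwks_uri: String
}

enum DiscoveryCheckError: Error {
    case badDiscoveryURL, issuerMismatch(expected: String, got: String), insecureEndpoint(String)
}

let wellKnownSuffix = "/.well-known/openid-configuration"

/// Hypothetical helper (not an SDK API): validates a discovery URL and the JSON served from it.
func validateDiscovery(url: String, body: Data) throws -> DiscoveryDocument {
    // The URL must be HTTPS and end in the OIDC well-known path.
    guard let parsed = URL(string: url), parsed.scheme == "https",
          parsed.host != nil, url.hasSuffix(wellKnownSuffix) else {
        throw DiscoveryCheckError.badDiscoveryURL
    }
    let expectedIssuer = String(url.dropLast(wellKnownSuffix.count))
    let doc = try JSONDecoder().decode(DiscoveryDocument.self, from: body)
    // OIDC Discovery: the issuer must be identical to the URL prefix.
    guard doc.issuer == expectedIssuer else {
        throw DiscoveryCheckError.issuerMismatch(expected: expectedIssuer, got: doc.issuer)
    }
    // Every endpoint the app will call must also be HTTPS.
    for endpoint in [doc.authorization_endpoint, doc.token_endpoint, doc.jwks_uri] {
        guard URL(string: endpoint)?.scheme == "https" else {
            throw DiscoveryCheckError.insecureEndpoint(endpoint)
        }
    }
    return doc
}

// Constructed sample input; ENV_ID is a placeholder, not a real environment.
let sampleDiscoveryURL = "https://auth.pingone.com/ENV_ID/as/.well-known/openid-configuration"
let sampleBody = """
{"issuer": "https://auth.pingone.com/ENV_ID/as",
 "authorization_endpoint": "https://auth.pingone.com/ENV_ID/as/authorize",
 "token_endpoint": "https://auth.pingone.com/ENV_ID/as/token",
 "jwks_uri": "https://auth.pingone.com/ENV_ID/as/jwks"}
"""
let outcome = Result { try validateDiscovery(url: sampleDiscoveryURL, body: Data(sampleBody.utf8)) }
print(outcome)
```

Changing the sample issuer or switching any endpoint to http makes the helper throw instead of returning the document.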
With the sample configured, you can proceed to Step 3. Run the sample app and perform centralized login.