Step 3. Configure the central login sample app
In this step, you configure the sample app to connect to the OAuth 2.0 application you created in PingOne.
-
In the IDE of your choice, open the
sdk-sample-apps
folder you cloned in the previous step. -
Open the
/central-login/src/main.js
file. -
Replace the
forgerock.Config.set
method with this code:await Config.setAsync({ clientId: "<PingOne Client ID>", redirectUri: `${window.location.origin}`, scope: "openid profile email address revoke", serverConfig: { wellknown: "<OIDC Discovery Endpoint>", }, });
Replace the following strings with the values you obtained when you registered an OAuth 2.0 application in PingOne.
- <PingOne Client ID>
-
The client ID from your OAuth 2.0 application in PingOne.
For example,
6c7eb89a-66e9-46df-9ee2-eeaf795650b2
- <OIDC Discovery Endpoint>
-
The
.well-known
endpoint from your OAuth 2.0 application in PingOne.For example,
https://auth.pingone.com/3072206d-c6ce-4c19-a366-f87e972c7cc3/as/.well-known/openid-configuration
The result resembles the following:
await Config.setAsync({ clientId: "6c7eb89a-66e9-46df-9ee2-eeaf795650b2", redirectUri: `${window.location.origin}`, scope: "openid profile email address revoke", serverConfig: { wellknown: "https://auth.pingone.com/3072206d-c6ce-4c19-a366-f87e972c7cc3/as/.well-known/openid-configuration", }, });
-
Alter the
logout
object as follows:-
In the
forgerock.FRUser.logout()
method, add the following parameter:{logoutRedirectUri: `${window.location.origin}`}
The presence of this parameter causes the SDK to use a redirect flow for ending the session and revoking the tokens, which PingOne servers require.
-
Remove or comment out the following line:
location.assign(`${document.location.origin}/`);
The result resembles the following:
const logout = async () => { try { await FRUser.logout({ logoutRedirectUri: `${window.location.origin}` }); // location.assign(`${document.location.origin}/`); } catch (error) { console.error(error); } };
-
-
Optionally, specify which of the configured policies PingOne uses to authenticate users.
In the
/central-login/src/main.js
file, on line80
, add anacr_values
query parameter to thegetTokens()
call:await TokenManager.getTokens({ login: 'redirect', query: { acr_values: "<Policy IDs>" } });
Replace <Policy IDs> with either a single DaVinci policy, by using its flow policy ID, or one or more PingOne policies by specifying the policy names, separated by spaces or the encoded space character
%20
.Examples:
- DaVinci flow policy ID
-
acr_values: "d1210a6b0b2665dbaa5b652221badba2"
- PingOne policy names
-
acr_values: "Single_Factor%20Multi_Factor"
For more information, refer to Editing an application - OIDC.
With the sample configured, you can proceed to Step 4. Run the central login sample app.