Orchestration SDKs

Step 3. Configuring connection properties

PingOne Advanced Identity Cloud PingAM React Native

In this step, you configure the PingSampleApp to connect to your PingOne Advanced Identity Cloud or PingAM instance.

All connection settings are stored in a .env file in the PingSampleApp directory. The app reads this file at build time.

Creating the environment file

  1. In a terminal, navigate to the PingSampleApp directory:

    cd PingSampleApp

  2. Copy the example environment file:

    cp .env.example .env

  3. Open .env in a text editor and update the values to match your environment:

    Example values in the .env file:

    JOURNEY_SERVER_URL=https://openam-forgerock-sdks.forgeblocks.com/am
    JOURNEY_REALM=alpha
    JOURNEY_COOKIE=ch15fefc5407912
    JOURNEY_CLIENT_ID=sdkPublicClient
    JOURNEY_DISCOVERY_ENDPOINT=https://openam-forgerock-sdks.forgeblocks.com/am/oauth2/realms/alpha/.well-known/openid-configuration
    JOURNEY_REDIRECT_URI=com.example.demo://oauth2redirect
    JOURNEY_SCOPES=openid, email, address, profile

    JOURNEY_SERVER_URL

    The base URL of the server, including the deployment path.

    PingOne Advanced Identity Cloud example:

    https://openam-forgerock-sdks.forgeblocks.com/am

    PingAM example:

    https://openam.example.com:8443/openam

    JOURNEY_REALM

    The realm in which the OAuth 2.0 client and authentication journeys are configured.

    Typically root for AM and alpha or bravo for Advanced Identity Cloud.

    JOURNEY_COOKIE

    The name of the cookie used for the session token.

    For example, with a self-hosted PingAM server this value might be iPlanetDirectoryPro.

    PingOne Advanced Identity Cloud tenants use a random alphanumeric string.

    To find the cookie name in a PingOne Advanced Identity Cloud tenant, navigate to Tenant settings > Global Settings, and copy the value of the Cookie property.

    JOURNEY_CLIENT_ID

    The client ID of the OAuth 2.0 application you registered in PingOne Advanced Identity Cloud or PingAM.

    For example, sdkPublicClient

    JOURNEY_DISCOVERY_ENDPOINT

    The .well-known OpenID Connect discovery endpoint for your server.

    How do I find my PingOne Advanced Identity Cloud .well-known URL?

    You can view the .well-known endpoint for an OAuth 2.0 client in the PingOne Advanced Identity Cloud admin console:

    1. Log in to your PingOne Advanced Identity Cloud administration console.

    2. Click Applications, and then select the OAuth 2.0 client you created earlier. For example, sdkPublicClient.

    3. On the Sign On tab, in the Client Credentials section, copy the Discovery URI value.

      For example, https://openam-forgerock-sdks.forgeblocks.com/am/oauth2/alpha/.well-known/openid-configuration

    If you are using a custom domain, your .well-known URL is formed as follows:

    https://<custom-domain-fqdn>/.well-known/openid-configuration

    How do I find my PingAM .well-known URL?

    To form the .well-known URL for a PingAM server, concatenate the following information into a single URL:

    1. The base URL of the PingAM component of your deployment, including the port number and deployment path.

      For example, https://openam.example.com:8443/openam

    2. The string /oauth2

    3. The hierarchy of the realm that contains the OAuth 2.0 client.

      You must specify the entire hierarchy of the realm, starting at the Top Level Realm. Prefix each realm in the hierarchy with the realms/ keyword.

      For example, /realms/root/realms/customers

      If you omit the realm hierarchy, the top level ROOT realm is used by default.

    4. The string /.well-known/openid-configuration

    For example, https://openam-forgerock-sdks.forgeblocks.com/am/oauth2/realms/alpha/.well-known/openid-configuration

    JOURNEY_REDIRECT_URI

    The redirect URI configured in your OAuth 2.0 client profile.

    This value must exactly match a redirect URI registered in your server.

    For example, com.example.demo://oauth2redirect.

    The default redirect scheme registered in the sample app is org.forgerock.demo.

    If you use a different scheme, you must also update manifestPlaceholders["appRedirectUriScheme"] in PingSampleApp/android/app/build.gradle (Android) and the CFBundleURLSchemes entry in PingSampleApp/ios/PingSampleApp/Info.plist (iOS) to match.

    JOURNEY_SCOPES

    A comma-separated list of OAuth 2.0 scopes to request.

    For example, openid, email, address, profile

With the environment file configured, the React Native app will pick up your settings the next time you build and run it.
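
The following Node.js script is an added example, not code from the sample app or the SDK: it rebuilds the PingAM .well-known URL from the four steps described above and checks the .env values against each other before a build. The function names, the realm-hierarchy array argument, and the HTTPS and same-origin checks are assumptions of this example; the sample values are the example values shown on this page.

```javascript
// Added example; parseEnv, buildDiscoveryUrl and checkEnv are illustrative names, not SDK APIs.
const REQUIRED = ['JOURNEY_SERVER_URL', 'JOURNEY_REALM', 'JOURNEY_COOKIE', 'JOURNEY_CLIENT_ID',
  'JOURNEY_DISCOVERY_ENDPOINT', 'JOURNEY_REDIRECT_URI', 'JOURNEY_SCOPES'];
const SUFFIX = '/.well-known/openid-configuration';

// Parse KEY=VALUE lines; blank lines and # comments are skipped.
function parseEnv(text) {
  const out = {};
  for (const line of text.split(/\r?\n/)) {
    const m = line.match(/^\s*([A-Z_][A-Z0-9_]*)\s*=\s*(.*?)\s*$/);
    if (m) out[m[1]] = m[2];
  }
  return out;
}

// PingAM steps 1-4: base URL + /oauth2 + realms/ hierarchy + discovery suffix.
function buildDiscoveryUrl(baseUrl, realmHierarchy) {
  const realms = realmHierarchy.map((r) => '/realms/' + encodeURIComponent(r)).join('');
  return baseUrl.replace(/\/+$/, '') + '/oauth2' + realms + SUFFIX;
}

// Returns a list of problems (empty when every check passes); throws on a malformed URL.
function checkEnv(env, registeredScheme) {
  const problems = REQUIRED.filter((k) => !env[k]).map((k) => 'missing ' + k);
  if (problems.length) return problems;
  const server = new URL(env.JOURNEY_SERVER_URL);
  const discovery = new URL(env.JOURNEY_DISCOVERY_ENDPOINT);
  // Added checks (assumptions, not stated on the page): TLS only, discovery on the server's origin.
  if (server.protocol !== 'https:') problems.push('JOURNEY_SERVER_URL is not https');
  if (discovery.origin !== server.origin) problems.push('discovery endpoint is on a different origin');
  if (!discovery.pathname.endsWith(SUFFIX)) problems.push('discovery endpoint lacks ' + SUFFIX);
  // The redirect scheme must match the one registered in build.gradle / Info.plist.
  const scheme = env.JOURNEY_REDIRECT_URI.split('://')[0];
  if (scheme !== registeredScheme) problems.push('redirect scheme ' + scheme + ' is not registered');
  // Scopes are comma-separated; an empty entry means a stray comma.
  if (env.JOURNEY_SCOPES.split(',').some((s) => !s.trim())) problems.push('empty scope entry');
  return problems;
}

// Constructed sample input: the example values from this page.
const SAMPLE_ENV = `JOURNEY_SERVER_URL=https://openam-forgerock-sdks.forgeblocks.com/am
JOURNEY_REALM=alpha
JOURNEY_COOKIE=ch15fefc5407912
JOURNEY_CLIENT_ID=sdkPublicClient
JOURNEY_DISCOVERY_ENDPOINT=https://openam-forgerock-sdks.forgeblocks.com/am/oauth2/realms/alpha/.well-known/openid-configuration
JOURNEY_REDIRECT_URI=com.example.demo://oauth2redirect
JOURNEY_SCOPES=openid, email, address, profile`;
const sampleEnv = parseEnv(SAMPLE_ENV);
console.log(checkEnv(sampleEnv, 'org.forgerock.demo'));
```

Run against the example values with the sample app's default scheme, org.forgerock.demo, the check reports the redirect scheme mismatch that the JOURNEY_REDIRECT_URI description says you must resolve in build.gradle and Info.plist.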