Configuring the server for Android

PingOne Advanced Identity Cloud PingAM Android

To use the Journey module in your app you need to complete the prerequisite tasks on your server.

Select your server below and complete the tasks before adding the Journey module to your apps:

Advanced Identity Cloud

Configure PingOne Advanced Identity Cloud for use with the Journey module for Android.

PingAM

Configure PingAM for use with the Journey module for Android.

Advanced Identity Cloud

To use the Journey module in your app and obtain session tokens for users, complete the following task:

Task 1. Create a demo user

The samples and tutorials in this documentation often require that you have an identity set up so that you can test authentication.

To create a demo user in PingOne Advanced Identity Cloud, follow these steps:

Log in to your PingOne Advanced Identity Cloud tenant.
In the left panel, click Identities > Manage.
Click New Alpha realm - User.
Enter the following details:
- Username = demo
- First Name = Demo
- Last Name = User
- Email Address = demo.user@example.com
- Password = Ch4ng3it!
Click Save.

Task 2. Prepare for OAuth 2.0 tokens

If you want to optionally obtain access tokens, perform the following prerequisite tasks:

Task 2a. Register a public OAuth 2.0 client

Public clients do not use a client secret to obtain tokens because they are unable to keep them hidden. The Orchestration SDKs commonly use this type of client to obtain tokens, as they cannot guarantee safekeeping of the client credentials in a browser or on a mobile device.

To register a public OAuth 2.0 client application for use with the SDKs in PingOne Advanced Identity Cloud, follow these steps:

Log in to your PingOne Advanced Identity Cloud tenant.
In the left panel, click Applications.
Click Custom Application.
Select OIDC - OpenId Connect as the sign-in method, and then click Next.
Select Native / SPA as the application type, and then click Next.
In Name, enter a name for the application, such as Public SDK Client.
In Owners, select a user that is responsible for maintaining the application, and then click Next.

When trying out the SDKs, you could select the demo user you created previously.
In Client ID, enter sdkPublicClient
Select Configure for SDK Sample Apps.
Click Create Application.

PingOne Advanced Identity Cloud creates the application and displays the details screen.
On the Sign On tab:
1. In Sign-In URLs, ensure the following values appear, or add them if they don’t:
  
  com.example.demo://oauth2redirect
  
  https://demo.example.com/oauth2redirect
  
  Also add any other domains where you host SDK applications.
2. In Grant Types, ensure the following values appear:
  
  Authorization Code
  
  Refresh Token
3. In Scopes, ensure the following values appear:
  
  openid profile email address
Click Show advanced settings, and on the Authentication tab, confirm the following properties:
1. In Token Endpoint Authentication Method, select none.
2. In Client Type, select Public.
3. Enable the Implied Consent property.
Click Save.

The application is now configured to accept client connections from and issue OAuth 2.0 tokens to the example applications and tutorials covered by this documentation.

Task 2b. Configure the OAuth 2.0 provider

The provider specifies the supported OAuth 2.0 configuration options for a realm.

To ensure the PingOne Advanced Identity Cloud OAuth 2.0 provider service is configured for use with the Orchestration SDKs, follow these steps:

In your PingOne Advanced Identity Cloud tenant, navigate to Native Consoles > Access Management.
In the left panel, click Services.
In the list of services, click OAuth2 Provider.
On the Core tab, ensure Issue Refresh Tokens is enabled.
On the Consent tab, ensure Allow Clients to Skip Consent is enabled.
Click Save Changes.