--- title: Configuring the server for JavaScript description: PingOne Advanced Identity Cloud PingAM JavaScript component: orchsdks page_id: orchsdks:journey:usage/javascript/01-configuring-the-server canonical_url: https://developer.pingidentity.com/orchsdks/journey/usage/javascript/01-configuring-the-server.html revdate: Tue, 2 Dec 2025 16:32:08 +0000 section_ids: aic: Advanced Identity Cloud task_1_create_a_demo_user: Task 1. Create a demo user task_2_configure_cors: Task 2. Configure CORS task_3_prepare_for_oauth_2_0_tokens: Task 3. Prepare for OAuth 2.0 tokens task_3a_register_a_public_oauth_2_0_client: Task 3a. Register a public OAuth 2.0 client task_3b_configure_the_oauth_2_0_provider: Task 3b. Configure the OAuth 2.0 provider am: PingAM task_1_create_a_demo_user_2: Task 1. Create a demo user task_2_configure_cors_2: Task 2. Configure CORS task_3_prepare_for_oauth_2_0_tokens_2: Task 3. Prepare for OAuth 2.0 tokens task_3a_register_a_public_oauth_2_0_client_2: Task 3a. Register a public OAuth 2.0 client task_3b_configure_the_oauth_2_0_provider_2: Task 3b. Configure the OAuth 2.0 provider --- # Configuring the server for JavaScript [icon: circle-check, set=far]PingOne Advanced Identity Cloud [icon: circle-check, set=far]PingAM [icon: js, set=fab]JavaScript * **Prepare** * [Install](02-installing-the-journey-module.html) * [Configure](03-configuring-the-journey-module.html) * [Start](04-starting-an-authentication-journey.html) * [Navigate](05-navigating-an-authentication-journey.html) * [Manage](06-handling-sessions.html) To use the **Journey** client in your app you need to complete these prerequisite tasks on your server. Select your server below and complete the tasks before adding the **Journey** client to your apps: ![](../../../_images/logos/PingOneAICStacked.png) #### [Advanced Identity Cloud](#aic) Configure PingOne Advanced Identity Cloud for use with the **Journey** module for JavaScript. ![](../../../_images/logos/PingAM.png) #### [PingAM](#am) Configure PingAM for use with the **Journey** module for JavaScript. ## Advanced Identity Cloud To use the **Journey** client in your app and obtain session tokens for users, complete the following tasks: ### Task 1. Create a demo user The samples and tutorials in this documentation often require that you have an identity set up so that you can test authentication. To create a demo user in PingOne Advanced Identity Cloud, follow these steps: 1. Log in to your PingOne Advanced Identity Cloud tenant. 2. In the left panel, click Identities > Manage. 3. Click [icon: plus, set=fa]New Alpha realm - User. 4. Enter the following details: * **Username** = `demo` * **First Name** = `Demo` * **Last Name** = `User` * **Email Address** = `demo.user@example.com` * **Password** = `Ch4ng3it!` 5. Click Save. ### Task 2. Configure CORS [Cross-origin resource sharing](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS) (CORS) lets user agents make cross-domain server requests. In PingOne Advanced Identity Cloud, you can configure CORS to allow browsers from trusted domains to access PingOne Advanced Identity Cloud protected resources. For example, you might want a custom web application running on your own domain to get an end-user's profile information using the PingOne Advanced Identity Cloud REST API. The Orchestration SDK for JavaScript samples and tutorials use `https://localhost:8443` as the host domain, which you should add to your CORS configuration. If you are using a different domain for hosting SDK applications, ensure you add them to the CORS configuration as accepted origin domains. To update the CORS configuration in PingOne Advanced Identity Cloud, follow these steps: 1. Log in to your PingOne Advanced Identity Cloud tenant. 2. At the top right of the screen, click your name, and then select Tenant settings. 3. On the Global Settings tab, click Cross-Origin Resource Sharing (CORS). 4. Perform one of the following actions: * If listed, click PingSDK. * If there isn't an existing CORS configuration listed, click [icon: plus, set=fa]Add a CORS Configuration, select Ping SDK, and then click Next. The **Ping SDK** template contains many of the default values used in these tutorials. 5. In Accepted Origins: 1. Ensure `https://localhost:8443` is listed. 2. Add any DNS aliases you use to host your Orchestration SDK for JavaScript applications. 6. Complete the remaining fields to suit your environment. This documentation assumes the following configuration, required for the tutorials and sample applications: | Property | Values | | ------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | | `Accepted Origins` | `https://localhost:8443` | | `Accepted Methods` | `GET``POST` | | `Accepted Headers` | `accept-api-version``x-requested-with``content-type``authorization``if-match``x-requested-platform``iPlanetDirectoryPro` \[[1](#_footnotedef_1 "View footnote.")]`ch15fefc5407912` \[[2](#_footnotedef_2 "View footnote.")]***[1](#_footnoteref_1). Cookie name value in PingAM servers.[2](#_footnoteref_2). In PingOne Advanced Identity Cloud tenants, go to **Tenant Settings > Global Settings > Cookie** to find this dynamic cookie name value. | | `Exposed Headers` | `authorization``content-type` | | `Enable Caching` | `True` | | `Max Age` | `600` | | `Allow Credentials` | `True` | | | | | - | --------------------------------------------------------------------- | | | Click Show advanced settings to be able to edit all available fields. | 7. Click Save CORS Configuration. ### Task 3. Prepare for OAuth 2.0 tokens If you want to optionally obtain access tokens, perform the following prerequisite tasks: #### Task 3a. Register a public OAuth 2.0 client Public clients do not use a client secret to obtain tokens because they are unable to keep them hidden. The Orchestration SDKs commonly use this type of client to obtain tokens, as they cannot guarantee safekeeping of the client credentials in a browser or on a mobile device. To register a *public* OAuth 2.0 client application for use with the SDKs in PingOne Advanced Identity Cloud, follow these steps: 1. Log in to your PingOne Advanced Identity Cloud tenant. 2. In the left panel, click Applications. 3. Click [icon: plus, set=fa]Custom Application. 4. Select OIDC - OpenId Connect as the sign-in method, and then click Next. 5. Select Native / SPA as the application type, and then click Next. 6. In Name, enter a name for the application, such as `Public SDK Client`. 7. In Owners, select a user that is responsible for maintaining the application, and then click Next. | | | | - | ---------------------------------------------------------------------------------- | | | When trying out the SDKs, you could select the `demo` user you created previously. | 8. In Client ID, enter `sdkPublicClient` 9. Select **Configure for SDK Sample Apps**. 10. Click Create Application. PingOne Advanced Identity Cloud creates the application and displays the details screen. 11. On the Sign On tab: 1. In Sign-In URLs, ensure the following values appear, or add them if they don't: `https://localhost:8443/callback.html` | | | | - | ----------------------------------------------------------- | | | Also add any other domains where you host SDK applications. | 2. In Grant Types, ensure the following values appear: `Authorization Code` `Refresh Token` 3. In Scopes, ensure the following values appear: `openid profile email address` 12. Click Show advanced settings, and on the Authentication tab, confirm the following properties: 1. In Token Endpoint Authentication Method, select `none`. 2. In Client Type, select `Public`. 3. Enable the Implied Consent property. 13. Click Save. The application is now configured to accept client connections from and issue OAuth 2.0 tokens to the example applications and tutorials covered by this documentation. #### Task 3b. Configure the OAuth 2.0 provider The provider specifies the supported OAuth 2.0 configuration options for a realm. To ensure the PingOne Advanced Identity Cloud OAuth 2.0 provider service is configured for use with the Orchestration SDKs, follow these steps: 1. In your PingOne Advanced Identity Cloud tenant, navigate to Native Consoles > Access Management. 2. In the left panel, click [icon: plug, set=fa]Services. 3. In the list of services, click OAuth2 Provider. 4. On the Core tab, ensure Issue Refresh Tokens is enabled. 5. On the Consent tab, ensure Allow Clients to Skip Consent is enabled. 6. Click Save Changes. ## PingAM To use the **Journey** client in your app and obtain session tokens for users, complete the following task: ### Task 1. Create a demo user The samples and tutorials in this documentation often require that you have an identity set up so that you can test authentication. To create a demo user in PingAM, follow these steps: 1. Log in to the PingAM admin UI as an administrator. 2. Navigate to [icon: address-card, set=fa]Identities, and then click [icon: plus, set=fa]Add Identity. 3. Enter the following details: * **User ID** = `demo` * **Password** = `Ch4ng3it!` * **Email Address** = `demo.user@example.com` 4. Click Create. ### Task 2. Configure CORS [Cross-origin resource sharing](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS) (CORS) lets user agents make cross-domain server requests. In PingAM, you can configure CORS to allow browsers from trusted domains to access PingAM protected resources. For example, you might want a custom web application running on your own domain to get an end-user's profile information using the PingAM REST API. The Orchestration SDK for JavaScript samples and tutorials all use `https://localhost:8443` as the host domain, which you should add to your CORS configuration. If you are using a different URL for hosting SDK applications, ensure you add them to the CORS configuration as accepted origin domains. To enable CORS in PingAM, and create a CORS filter to allow requests from your configured domain names, follow these steps: 1. Log in to the PingAM admin UI as an administrator. 2. Navigate to Configure > Global Services > CORS Service > Configuration, and set the Enable the CORS filter property to `true`. | | | | - | -------------------------------------------------------------------------------------------------------------------- | | | If this property is not enabled, CORS headers are not added to responses from PingAM, and CORS is disabled entirely. | 3. On the Secondary Configurations tab, click Add a Secondary Configuration. 4. In the Name field, enter `OrchSDK`. 5. in the Accepted Origins field, enter any DNS aliases you use for your SDK apps. This documentation assumes the following configuration: | Property | Values | | ------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | | `Accepted Origins` | `https://localhost:8443` | | `Accepted Methods` | `GET``POST` | | `Accepted Headers` | `accept-api-version``x-requested-with``content-type``authorization``if-match``x-requested-platform``iPlanetDirectoryPro` \[[3](#_footnotedef_3 "View footnote.")]`ch15fefc5407912` \[[4](#_footnotedef_4 "View footnote.")]***[3](#_footnoteref_3). Cookie name value in PingAM servers.[4](#_footnoteref_4). In PingOne Advanced Identity Cloud tenants, go to **Tenant Settings > Global Settings > Cookie** to find this dynamic cookie name value. | 6. Click Create. PingAM displays the configuration of your new CORS filter. 7. On the CORS filter configuration page: 1. Ensure Enable the CORS filter is enabled. 2. Set the Max Age property to `600` 3. Ensure Allow Credentials is enabled. 8. Click Save Changes. ### Task 3. Prepare for OAuth 2.0 tokens If you want to optionally obtain access tokens, perform the following prerequisite tasks: #### Task 3a. Register a public OAuth 2.0 client Public clients do not use a client secret to obtain tokens because they are unable to keep them hidden. The Orchestration SDKs commonly use this type of client to obtain tokens, as they cannot guarantee safekeeping of the client credentials in a browser or on a mobile device. To register a *public* OAuth 2.0 client application for use with the SDKs in AM, follow these steps: 1. Log in to the PingAM admin UI as an administrator. 2. Navigate to [icon: list-alt, set=fa]Applications > OAuth 2.0 > Clients, and then click [icon: plus, set=fa]Add Client. 3. In Client ID, enter `sdkPublicClient`. 4. Leave Client secret empty. 5. In Redirection URIs, enter the following values: `https://localhost:8443/callback.html` | | | | - | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | The Orchestration SDK for JavaScript attempts to load the redirect page to capture the OAuth 2.0 `code` and `state` query parameters that the server appended to the redirect URL.If the page you redirect to does not exist, takes a long time to load, or runs any JavaScript you might get a timeout, delayed authentication, or unexpected errors.To ensure the best user experience, we ***highly recommend*** that you redirect to a static HTML page with minimal HTML and no JavaScript when obtaining OAuth 2.0 tokens. | | | | | - | ---------------------------------------------------------------------- | | | Also add any other domains where you will be hosting SDK applications. | 6. In Scopes, enter the following values: `openid profile email address` 7. Click Create. PingAM creates the new OAuth 2.0 client, and displays the properties for further configuration. 8. On the Core tab: 1. In Client type, select `Public`. 2. Disable Allow wildcard ports in redirect URIs. 3. Click Save Changes. 9. On the Advanced tab: 1. In Grant Types, enter the following values: ```none Authorization Code Refresh Token ``` 2. In Token Endpoint Authentication Method, select `None`. 3. Enable the Implied consent property. 10. Click Save Changes. #### Task 3b. Configure the OAuth 2.0 provider The provider specifies the supported OAuth 2.0 configuration options for a realm. To ensure the PingAM OAuth 2.0 provider service is configured for use with the Orchestration SDKs, follow these steps: 1. Log in to the PingAM admin UI as an administrator. 2. In the left panel, click [icon: plug, set=fa]Services. 3. In the list of services, click OAuth2 Provider. 4. On the Core tab, ensure Issue Refresh Tokens is enabled. 5. On the Consent tab, ensure Allow Clients to Skip Consent is enabled. 6. Click Save Changes.