--- title: Step 2. Configure connection properties description: Explains how to configure the connection properties in the sample app for the iOS OIDC sign-on module tutorial with PingOne. component: orchsdks page_id: orchsdks:oidc:try-it-out/ios/pingone/02_configuring-sample-for-pingone canonical_url: https://developer.pingidentity.com/orchsdks/oidc/try-it-out/ios/pingone/02_configuring-sample-for-pingone.html revdate: Thu, 2 Apr 2026 11:33:37 +0100 keywords: ["OAuth 2.0", "OpenID Connect", "Tutorial", "Source Code", "Integration", "SDK", "iOS", "PingOne", "connection properties"] --- # Step 2. Configure connection properties [icon: circle-check, set=far]PingOne [icon: apple, set=fab]iOS * [Prepare](00_before-you-begin.html) * [Download](01_download-sample-repo.html) * **Configure** * [Run](03_running-sample-pingone.html) In this step, you configure the "swiftui-oidc-module" app to connect to the OAuth 2.0 application you created in PingOne, and display the login UI of the server. 1. In Xcode, on the File menu, click Open. 2. Navigate to the `sdk-sample-apps` folder you cloned in the previous step, navigate to `iOS` > `swiftui-oidc-module`, select `OidcExample.xcodeproj`, and then click Open. 3. In the Project Navigator pane, navigate to **OidcExample > OidcExample > ViewModels**, and open the `OidcLoginViewModel` file. 4. Locate the `OidcWebClient.createOidcWebClient` method and update it with the values from your PingOne tenant. | | | | - | ----------------------------------------------------------------------------------- | | | The function is commented with `//TODO:` in the source to make it easier to locate. | ```swift public let oidcLogin = OidcWebClient.createOidcWebClient { config in //TODO: Provide here the Server configuration. config.browserMode = .login config.browserType = .authSession config.logger = LogManager.standard config.module(PingOidc.OidcModule.config) { oidcValue in oidcValue.clientId = "6c7eb89a-66e9-ab12-cd34-eeaf795650b2" oidcValue.scopes = Set(["openid", "email", "address", "profile", "phone"]) oidcValue.redirectUri = "com.example.demo://oauth2redirect" oidcValue.discoveryEndpoint = "https://auth.pingone.com/3072206d-c6ce-ch15-m0nd-f87e972c7cc3/as/.well-known/openid-configuration" // Optional: Add ACR values if required by your authentication flow // oidcValue.acrValues = "ACR_VALUE" } } ``` * *clientId* The client ID from your OAuth 2.0 application in PingOne. For example, `6c7eb89a-66e9-ab12-cd34-eeaf795650b2` | | | | - | -------------------------------------------------------------------------------------------------------------------------------------------------- | | | You must specify the client ID value, such as `6c7eb89a-66e9-ab12-cd34-eeaf795650b2`.Do not enter the application name, such as `sdkNativeClient`. | * *scopes* The scopes you added to your OAuth 2.0 application in PingOne. For example, `"openid", "email", "address", "profile", "phone"` * *redirectUri* The `redirect_uri` to return to after logging in with the server UI, for example the URI to your client app. | | | | - | -------------------------------------------------------------------------- | | | This value must exactly match a value configured in your OAuth 2.0 client. | For example, `com.example.demo://oauth2redirect`. * *discoveryEndpoint* The `.well-known` endpoint from your PingOne tenant. > **Collapse: How do I find my PingOne .well-known URL?** > > To find the `.well-known` endpoint for an OAuth 2.0 client in PingOne: > > 1. Log in to your PingOne administration console. > > 2. Go to **Applications > Applications**, and then select your OAuth 2.0 client. > > For example, sdkPublicClient. > > 3. On the **Overview** tab, expand the **Connection Details** section, and then copy the **OIDC Discovery Endpoint** value. > > ![Locating the .well-known URL in a PingOne client profile.](../../../../_images/p1-client-well-known.png) For example, `https://auth.pingone.com/3072206d-c6ce-ch15-m0nd-f87e972c7cc3/as/.well-known/openid-configuration` Optionally, customize the following properties: * *browserType* You can specify what type of browser the client iOS device opens to handle centralized login. Each browser has slightly different characteristics, which make them suitable to different scenarios, as outlined in this table: | Browser type | Characteristics | | ----------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | | `.authSession` | Opens a [web authentication session](https://developer.apple.com/documentation/authenticationservices/aswebauthenticationsession) browser.Designed specifically for authentication sessions, however it prompts the user before opening the browser with a modal that asks them to confirm the domain is allowed to authenticate them.This is the default option in the Orchestration SDK for iOS. | | `.ephemeralAuthSession` | Opens a [web authentication session](https://developer.apple.com/documentation/authenticationservices/aswebauthenticationsession) browser, but enables the [`prefersEphemeralWebBrowserSession`](https://developer.apple.com/documentation/authenticationservices/aswebauthenticationsession/prefersephemeralwebbrowsersession) parameter.This browser type *does not* prompt the user before opening the browser with a modal.The difference between this and `.authSession` is that the browser does not include any existing data such as cookies in the request, and also discards any data obtained during the browser session, including any session tokens.When is `ephemeralAuthSession` suitable:- [icon: times, set=fa]`ephemeralAuthSession` is *not* suitable when you require single sign-on (SSO) between your iOS apps, as the browser will not maintain session tokens. - [icon: times, set=fa]`ephemeralAuthSession` is *not* suitable when you require a session token to log a user out of the server, for example for logging out of PingOne, as the browser will not maintain session tokens. - [icon: check, set=fa]Use `ephemeralAuthSession` when you do not want the user's existing sessions to affect the authentication. | | `.nativeBrowserApp` | Opens the installed browser that is marked as the default by the user. Often Safari.The browser opens without any interaction from the user. However, the browser does display a modal when returning to your application. | | `.sfViewController` | Opens a [Safari view controller](https://developer.apple.com/documentation/safariservices/sfsafariviewcontroller) browser.Your client app is ***not*** able to interact with the pages in the `sfViewController` or access the data or browsing history.The view controller opens within your app without any interaction from the user. As the user does not leave your app, the view controller does not need to display a warning modal when authentication is complete and control returns to your application. | * *acrValues* Specify which of the configured policies PingOne uses to authenticate users. Enter either a single DaVinci policy by using its flow policy ID, or one or more PingOne policies by specifying the policy names, separated by spaces or the encoded space character `%20`. Examples: * DaVinci flow policy ID `d1210a6b0b2665dbaa5b652221badba2` * PingOne policy names `Single_Factor%20Multi_Factor` 5. Save your changes.