---
title: Step 2. Configure connection properties
description: Explains how to configure the connection properties in the sample app for the JavaScript OIDC sign-on module tutorial with PingAM.
component: orchsdks
page_id: orchsdks:oidc:try-it-out/javascript/pingam/02_configure_connection_properties
canonical_url: https://developer.pingidentity.com/orchsdks/oidc/try-it-out/javascript/pingam/02_configure_connection_properties.html
revdate: Thu, 2 Apr 2026 11:33:37 +0100
keywords: ["OAuth 2.0", "OpenID Connect", "Tutorial", "Source Code", "Integration", "SDK", "JavaScript", "PingAM", "connection properties"]
section_ids:
  react-api-server-env: Configure the API server app
  react-env: Configure the ReactJS client app
---

# Step 2. Configure connection properties

[icon: circle-check, set=far]PingAM [icon: js, set=fab]JavaScript

* [Prepare](00_before-you-begin.html)

* [Download](01_download-sample-repo.html)

* **Configure**

* [Run](03_test_the_app.html)

There are two projects in this tutorial that require configuration:

* [Backend API server](#react-api-server-env)

  A backend REST API server that uses a confidential OAuth 2.0 client to contact the authorization server. The API server handles storage and retrieval of your personal "Todo" items.

* [Client ReactJS app](#react-env)

  The front-end client app, written in ReactJS, that handles the UI and authentication journeys.

## Configure the API server app

1. In the IDE of your choice, open the `sdk-sample-apps` folder you cloned previously.

2. Copy the `.env.example` file in the `sdk-sample-apps/javascript/todo-api` folder and save it with the name `.env` within this same directory.

   The file contains configuration to connect to the confidential OAuth 2.0 client you created earlier:

   Example default API server `sdk-sample-apps/javascript/todo-api/.env` file

   ```properties
   # 'AIC' or 'PINGONE'
   SERVER_TYPE=
   # AM URL for AIC or PingOne base URL with env ID for PingOne
   SERVER_URL=
   PORT=
   # 'alpha' or 'bravo' for AIC server type. Not used for PingOne.
   REALM_PATH=
   # Confidential client ID for AIC or WebApp public client ID for PingOne
   REST_OAUTH_CLIENT=
   # Confidential client secret for AIC. Not used for PingOne.
   REST_OAUTH_SECRET=
   ```

3. Update the configuration block with the details of your server environment.

   * *SERVER\_TYPE*

     Ensures the sample app uses the correct behavior for the different servers it supports, for example the endpoint to use for introspecting tokens received from the client app.

     For PingOne Advanced Identity Cloud or PingAM servers, specify `AIC`.

   * *SERVER\_URL*

     The URL of the server to connect to, including the deployment path of the Access Management component.

     For example, `https://openam.example.com:8443/openam`

   * *PORT*

     The port number on which to run the TODO API server.

     You'll need this port number when configuring the client app to connect to the TODO API server.

     If not specified, the TODO API server defaults to running on port `9443`

   * *REALM\_PATH*

     The realm in which the confidential OAuth 2.0 client profile is configured.

     Usually, `root` for PingAM servers.

   * *REST\_OAUTH\_CLIENT*

     The client ID of the confidential OAuth 2.0 application you created earlier.

     For example, `sdkConfidentialClient`

   * *REST\_OAUTH\_SECRET*

     The secret of the confidential OAuth 2.0 application you created earlier.

     For example, `5tr0ngP@S5w0rd!`

   The result will resemble the following:

   Example completed API server `sdk-sample-apps/javascript/todo-api/.env` file

   ```properties
   # 'AIC' or 'PINGONE'
   SERVER_TYPE=AIC
   # AM URL for AIC or PingOne base URL with env ID for PingOne
   SERVER_URL=https://openam.example.com:8443/openam
   PORT=9443
   # 'alpha' or 'bravo' for AIC server type. Not used for PingOne.
   REALM_PATH=root
   # Confidential client ID for AIC or WebApp public client ID for PingOne
   REST_OAUTH_CLIENT=sdkConfidentialClient
   # Confidential client secret for AIC. Not used for PingOne.
   REST_OAUTH_SECRET=5tr0ngP@S5w0rd!
   ```

4. Save your changes.

## Configure the ReactJS client app

1. In the IDE of your choice, open the `sdk-sample-apps` folder you cloned previously.

2. Copy the `.env.example` file in the `sdk-sample-apps/javascript/reactjs-todo-oidc` folder and save it with the name `.env` within this same directory.

   Example client `sdk-sample-apps/javascript/reactjs-todo-oidc/.env` file

   ```properties
   WEB_OAUTH_CLIENT=
   WELLKNOWN_URL=
   SCOPE=
   #SERVER - 'PINGAM' or 'PINGONE'
   SERVER=
   API_URL=http://localhost:9443
   PORT=8443
   DEBUGGER_OFF=true
   DEVELOPMENT=true
   ```

3. Update the configuration block with the details of your server environment.

   * *WEB\_OAUTH\_CLIENT*

     The client ID of your *public* OAuth 2.0 application in PingAM.

     For example, `sdkPublicClient`

   * *WELLKNOWN\_URL*

     The `.well-known` endpoint from your server.

     > **Collapse: How do I find my PingAM  URL?**
     >
     > To form the `.well-known` URL for an PingAM server, concatenate the following information into a single URL:
     >
     > 1. The base URL of the PingAM component of your deployment, including the port number and deployment path.
     >
     >    For example, `https://openam.example.com:8443/openam`
     >
     > 2. The string `/oauth2`
     >
     > 3. The hierarchy of the realm that contains the OAuth 2.0 client.
     >
     >    You must specify the entire hierarchy of the realm, starting at the Top Level Realm. Prefix each realm in the hierarchy with the `realms/` keyword.
     >
     >    For example, `/realms/root/realms/customers`
     >
     >    |   |                                                                                 |
     >    | - | ------------------------------------------------------------------------------- |
     >    |   | If you omit the realm hierarchy, the top level `ROOT` realm is used by default. |
     >
     > 4. The string `/.well-known/openid-configuration`
     >
     > For example, `https://openam.example.com:8443/openam/oauth2/realms/root/.well-known/openid-configuration`

     For example, `https://openam.example.com:8443/openam/oauth2/realms/root/.well-known/openid-configuration`

   * *SCOPE*

     The scopes you added to your public OAuth 2.0 application.

     Scopes should be space-separated, and the entire value should be enclosed in single-quotes.

     For example, `'openid profile email address'`

   * *SERVER*

     Enter `'PINGAM'` for PingAM servers.

   * *API\_URL*

     The URL and port number on which you are running the TODO API backend server.

     For example, `http://localhost:9443`

   * *PORT*

     The port number from which to server the client app.

     Defaults to `8443`

   * *DEBUGGER\_OFF*

     Set to `true`, to disable `debug` statements in the app.

     These statements are for learning the integration points at runtime in your browser.

     When you open the browser's developer tools, the app pauses at each integration point. Code comments are placed above each one explaining their use.

   * *DEVELOPMENT*

     When `true`, this provides better debugging during development.

   The result will resemble the following:

   Example client `sdk-sample-apps/javascript/reactjs-todo-oidc/.env` file

   ```properties
   WEB_OAUTH_CLIENT=sdkPublicClient
   WELLKNOWN_URL=https://openam.example.com:8443/openam/oauth2/realms/root/.well-known/openid-configuration
   SCOPE='openid profile email address'
   #SERVER - 'PINGAM' or 'PINGONE'
   SERVER=PINGAM
   API_URL=http://localhost:9443
   PORT=8443
   DEBUGGER_OFF=true
   DEVELOPMENT=true
   ```

4. Save your changes.