Configure Ping SDK for iOS properties
Use the `FROptions` interface to build an options object and pass the object to the `FRAuth.start()` method.
Properties
The following properties are available for configuring the Ping SDK for iOS:
Server
| Property name | Description | Required |
|---|---|---|
| | The base URL of the PingAM instance to connect to, including port and deployment path. Identity Cloud example: Self-hosted example: | |
| | The realm in which the OAuth 2.0 client profile and authentication journeys are configured. For example, Defaults to the self-hosted top-level realm | |
| | A timeout, in seconds, for each request that communicates with PingAM. Default: | |
| | The name of the cookie that contains the session token. For example, with a self-hosted PingAM server this value might be Default: | |
| | When Default: | |

Journeys

| Property name | Description | Required |
|---|---|---|
| | The name of a user authentication tree configured in your server. For example, | |
| | The name of a user registration tree configured in your server. For example, | |

OAuth 2.0

| Property name | Description | Required |
|---|---|---|
| | The For example, | |
| | The For example, | |
| | The URI to redirect to after signing the user out of the authorization server. For example, | |
| | A list of scopes to request when performing an OAuth 2.0 authorization flow, separated by spaces. For example, | |
| | A threshold, in seconds, to refresh an OAuth 2.0 token before the | |

SSL pinning

| Property name | Description | Required |
|---|---|---|
| | An array of public key certificate hashes (strings) for trusted sites and services. | |
| | Keychain access group for the shared keychain. | |

Endpoints

| Property name | Description | Required |
|---|---|---|
| | Override the path to the authorization server’s Default: | |
| | Override the path to the authorization server’s Default: | |
| | Override the path to the authorization server’s Default: | |
| | Override the path to the authorization server’s Default: | |
| | Override the path to the authorization server’s Default: | |
| | Override the path to the authorization server’s | |
| | Override the path to the authorization server’s | |

Session and token lifecycle
The SDK revokes and removes persisted tokens if you programmatically change any of the following properties:
|
Example
The following Swift example shows how to configure the Ping SDK in your iOS applications:
```swift
import FRAuth

// Build the configuration in code instead of reading FRAuthConfig.plist
let options = FROptions(
    url: "https://tenant.forgeblocks.com/am",
    realm: "alpha",
    cookieName: "46b42b4229cd7a3",
    oauthClientId: "sdkNativeClient",
    oauthRedirectUri: "org.forgerock.demo://oauth2redirect",
    oauthScope: "openid profile email address",
    authServiceName: "Login",
    registrationServiceName: "Register")

do {
    try FRAuth.start(options: options)
} catch {
    print("SDK initialization failed: \(error)")
}
```
When the application calls `FRAuth.start()`, the `FRAuth` class checks for the presence of an `FROptions` object.
If the object is not present, the static initialization from `FRAuthConfig.plist` happens.
If the object is present, the `FRAuth` class converts it to a `[String: Any]` dictionary and calls the same internal initialization method.
The app can call `FRAuth.start()` multiple times in its lifecycle:
- When the app calls `FRAuth.start()` for the first time in its lifecycle, the SDK checks for the presence of session and access tokens in the local storage. If an existing session is present, initialization does not log the user out.
- If the app calls `FRAuth.start()` again, the SDK checks whether session managers and token managers are initialized, and cleans the existing session and token storage. This ensures that changes to the app configuration remove and revoke existing sessions and tokens.
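Because a repeated `FRAuth.start()` call cleans the existing session and token storage, an app may want to call it again only when the configuration has really changed. The following is an added example, not code from the Ping documentation or SDK: `SDKConfig` and `SDKBootstrap` are hypothetical names, and `FROptions` and `FRAuth.start(options:)` are called exactly as in the example above.

```swift
import Foundation
import FRAuth

/// Hypothetical value type (not part of the SDK) holding the settings used
/// in the FROptions example above, so two configurations can be compared.
struct SDKConfig: Equatable {
    var url: String
    var realm: String
    var cookieName: String
    var oauthClientId: String
    var oauthRedirectUri: String
    var oauthScope: String
    var authServiceName: String
    var registrationServiceName: String

    func makeOptions() -> FROptions {
        FROptions(
            url: url,
            realm: realm,
            cookieName: cookieName,
            oauthClientId: oauthClientId,
            oauthRedirectUri: oauthRedirectUri,
            oauthScope: oauthScope,
            authServiceName: authServiceName,
            registrationServiceName: registrationServiceName)
    }
}

/// Hypothetical helper: remembers the configuration applied in this app
/// lifecycle and skips FRAuth.start() when nothing has changed.
final class SDKBootstrap {
    static let shared = SDKBootstrap()
    private var applied: SDKConfig?
    private let lock = NSLock()

    /// Returns true if FRAuth.start() was called, false if it was skipped.
    @discardableResult
    func startIfNeeded(_ config: SDKConfig) throws -> Bool {
        lock.lock(); defer { lock.unlock() }
        // Same settings as last time: leave the session and tokens alone.
        if applied == config { return false }
        // First call, or a real change: a second start() revokes and
        // removes the existing session and tokens, as described above.
        try FRAuth.start(options: config.makeOptions())
        applied = config
        return true
    }
}
```

Code paths that may run more than once, such as scene reconnection or a settings screen, can call `SDKBootstrap.shared.startIfNeeded(_:)` instead of `FRAuth.start()` directly, so the user is signed out only on an actual configuration change.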
Using the .well-known endpoint
You can configure the SDKs to obtain many required settings from your authorization server’s `.well-known` OpenID Connect endpoint.
Settings gathered from the endpoint include the paths to use for OAuth 2.0 authorization requests, and login endpoints.
Use the `FROptions.discover` method to use the `.well-known` endpoint to configure OAuth 2.0 paths:
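```swift
// `config` is assumed to be defined elsewhere in the app.
// Call this from an async, throwing context.
let options = try await FROptions(config: config).discover(
    discoveryURL: "https://openam-forgerock-sdks.forgeblocks.com/am/oauth2/realms/root/realms/alpha/.well-known/openid-configuration")
try FRAuth.start(options: options)
```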