Orchestration SDKs

Step 2. Configure the sample app

PingOne iOS

In this section, you open the sample project in Xcode and view the integration points in the TODO pane.

You’ll visit each integration point in the sample app to understand how to complete a DaVinci flow, including handling the different nodes and their collectors, obtaining an access token and user information, and finally signing out of the session.

  1. In Xcode, on the File menu, click Open.

  2. Navigate to the sdk-sample-apps folder you cloned in the previous step, navigate to iOS > swiftui-davinci > Davinci.xcworkspace, and then click Open.

    Xcode opens and loads the DaVinci tutorial project.

  3. Open DavinciViewModel and locate the DaVinci.createDaVinci call:

    The DaVinci.createDaVinci call in DavinciViewModel
    public let davinci = DaVinci.createDaVinci { config in
      //TODO: Provide here the Server configuration. Add the PingOne server Discovery Endpoint and the OAuth 2.0 client details
      config.module(PingDavinci.OidcModule.config) { oidcValue in
        oidcValue.clientId = "Client ID"
        oidcValue.scopes = ["scope1", "scope2", "scope3"]
        oidcValue.redirectUri = "Redirect URI"
        oidcValue.discoveryEndpoint = "Discovery Endpoint"
        oidcValue.acrValues = "acrValue1"
      }
    }

    This snippet initializes the DaVinci module, and leverages the OpenID Connect (OIDC) module to configure the settings to connect to your PingOne instance.

    1. In the oidcValue.clientId property, enter the ID of the client you are connecting to in PingOne.

      Example:

      clientId = "6c7eb89a-66e9-ab12-cd34-eeaf795650b2"

      Refer to Get configuration values from PingOne for instructions on where to find this value.

    2. In the oidcValue.scopes property, add the scopes you want to assign to users who complete authentication using the client.

      Example:

      scopes = ["openid", "email", "profile"]

    3. In the oidcValue.redirectUri property, enter the application ID of your sample app, followed by ://oauth2redirect.

      Example:

      redirectUri = "org.forgerock.demo://oauth2redirect"

      The redirectUri value you use must exactly match one of the Redirect URIs values you entered in the native OAuth 2.0 application you created in PingOne earlier.

    4. In the oidcValue.discoveryEndpoint property, enter the OIDC Discovery Endpoint value from the client you are connecting to in PingOne.

      Example:

      discoveryEndpoint = "https://auth.pingone.ca/3072206d-c6ce-ch15-m0nd-f87e972c7cc3/as/.well-known/openid-configuration"

      Refer to Get configuration values from PingOne for instructions on where to find this value.

    5. Optionally, in acrValues, add an Authentication Context Class Reference (acr) value.

      Enter either a single DaVinci policy by using its flow policy ID, or one or more PingOne policies by specifying the policy names, separated by spaces or the encoded space character %20.

      Examples:

      DaVinci flow policy ID

      d1210a6b0b2665dbaa5b652221badba2

      PingOne policy names

      Single_Factor%20Multi_Factor

      The Orchestration SDK sends this as the acr_values parameter in the authentication request, as per the specification.

    6. Optionally, delete the TODO comment to remove it from the list.

    The result resembles the following:

    DavinciViewModel
    public let davinci = DaVinci.createDaVinci { config in
      config.module(PingDavinci.OidcModule.config) { oidcValue in
        oidcValue.clientId = "6c7eb89a-66e9-ab12-cd34-eeaf795650b2"
        oidcValue.scopes = ["openid", "email", "profile"]
        oidcValue.redirectUri = "org.forgerock.demo://oauth2redirect"
        oidcValue.discoveryEndpoint = "https://auth.pingone.ca/3072206d-c6ce-ch15-m0nd-f87e972c7cc3/as/.well-known/openid-configuration"
        oidcValue.acrValues = "Single_Factor"
      }
    }
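
A pre-flight check over the values entered in step 3, as an added example that is not part of the sample app or the Orchestration SDK. OidcSettings and validate(_:appId:) are hypothetical names, and the sample values are the ones shown on this page.

```swift
import Foundation
// Hypothetical pre-flight check for the values entered in step 3.
// OidcSettings and validate(_:appId:) are illustrative, not Ping SDK types.
struct OidcSettings {
    var clientId: String
    var scopes: [String]
    var redirectUri: String
    var discoveryEndpoint: String
    var acrValues: String?
}

func validate(_ s: OidcSettings, appId: String) -> [String] {
    var problems: [String] = []
    // Template text left in place means the TODO block was never completed.
    if s.clientId.isEmpty || s.clientId == "Client ID" {
        problems.append("clientId is empty or still the placeholder")
    }
    // An OIDC authentication request must include the openid scope.
    if !s.scopes.contains("openid") {
        problems.append("scopes does not include openid")
    }
    // Application ID followed by ://oauth2redirect, compared exactly.
    if s.redirectUri != appId + "://oauth2redirect" {
        problems.append("redirectUri is not \(appId)://oauth2redirect")
    }
    // Discovery metadata names the token and userinfo endpoints; require HTTPS.
    let url = URLComponents(string: s.discoveryEndpoint)
    if url?.scheme != "https" || (url?.host ?? "").isEmpty
        || url?.path.hasSuffix("/.well-known/openid-configuration") != true {
        problems.append("discoveryEndpoint is not an https .well-known/openid-configuration URL")
    }
    // acrValues is optional; names may be separated by spaces or %20.
    if let acr = s.acrValues,
       acr.replacingOccurrences(of: "%20", with: " ").split(separator: " ").isEmpty {
        problems.append("acrValues is set but contains no policy")
    }
    return problems
}
// Constructed samples: the tutorial's finished values, then the untouched template.
let finished = OidcSettings(
    clientId: "6c7eb89a-66e9-ab12-cd34-eeaf795650b2",
    scopes: ["openid", "email", "profile"],
    redirectUri: "org.forgerock.demo://oauth2redirect",
    discoveryEndpoint: "https://auth.pingone.ca/3072206d-c6ce-ch15-m0nd-f87e972c7cc3/as/.well-known/openid-configuration",
    acrValues: "Single_Factor")
let template = OidcSettings(clientId: "Client ID", scopes: ["scope1", "scope2", "scope3"],
    redirectUri: "Redirect URI", discoveryEndpoint: "Discovery Endpoint", acrValues: "acrValue1")
print(validate(finished, appId: "org.forgerock.demo"))
print(validate(template, appId: "org.forgerock.demo"))
```

Running the same check in a unit test or debug build surfaces a leftover placeholder or a non-HTTPS discovery endpoint before the first flow starts.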