Ping SDKs

Configure your Authorization Server

You need to set up your PingOne Advanced Identity Cloud or PingAM instance with an OAuth 2.0 client and suitable CORS configuration.

Configure an OAuth 2.0 client

Follow the instructions below to create the public OAuth 2.0 client the Token Vault requires:

In addition to the instructions above, perform the following steps:

  1. Add the fully-qualified URL where you will host the Token Vault Proxy.

    For example, https://proxy.example.com.

    Add this value to either the Redirection URIs (self-managed PingAM) or the Sign-in URLs (PingOne Advanced Identity Cloud) property.

  2. Enable refresh tokens in your authorization server:

    1. Add refresh_token to either the Advanced > Response Types (self-managed PingAM) or the Access > Response Types (PingOne Advanced Identity Cloud) property.

    2. Ensure Refresh Token is added to either the Advanced > Grant Types (self-managed PingAM) or the Sign On > Grant Types (PingOne Advanced Identity Cloud) property.

    Generally, we do not recommend the use of OAuth 2.0 refresh tokens with typical web-based applications, but using the Token Vault mitigates a number of the security concerns with using refresh tokens, so they can be enabled to allow refreshing the access tokens without user intervention.

Configure CORS

Follow the instructions below to configure CORS to allow the Token Vault to connect to your server:

In addition to the instructions above, perform the following steps:

  • Add the origins where you will host your main application and the Token Vault Proxy.

    For example, https://sdkapp.example.com and https://proxy.example.com, or when testing locally http://localhost:5173 and http://localhost:5174.

    Add these values to the Accepted origins property.

Copyright © 2010-2024 ForgeRock, all rights reserved.