The client applications in this repository demonstrate standards-based profile management. The user profiles are stored and served by ForgeRock software that you deploy either locally on your computer or remotely in the cloud. These example client applications protect access to the profiles with standard OAuth 2.0 and OpenID Connect 1.0-based mechanisms.
These example clients are provided:
basic-vertx
:
OAuth 2.0 client showing how to protect access to profiles with a Vert.x application.iOS-AppAuth
:
iOS native OAuth 2.0/OpenID Connect clients using the authorization code grant.
These are Swift applications using the AppAuth SDK for iOS, protecting access to user profile information.node-passport-openidconnect
:
OAuth 2.0/OpenID Connect client showing how to protect profiles with a choice of OpenID Provider.
This Node.js application secures client credentials, access tokens, and ID tokens, communicating with the provider through a back channel. It keeps sensitive data away from the user-agent.openidm-ui-enduser-jso
:
Single-page application showing OAuth 2.0 implicit flow protection for a public client in the user-agent.
Consider the implicit flow when the authorization code flow cannot be used effectively. For example, because the authorization server does not support cross-origin resource sharing (CORS).spa-appauth
:
Single-page application showing OpenID Connect-based single sign-on (SSO) and logout.
Each example client is self-contained, and fully described in its own README.
- Clone the following
git
repositories: - Install third-party software for Kubernetes support:
- Docker (https://docs.docker.com/install/)
minikube
(https://kubernetes.io/docs/tasks/tools/install-minikube/)
(required only if you run everything locally on your laptop)kubectl
(https://kubernetes.io/docs/tasks/tools/install-kubectl/)skaffold
(https://github.com/GoogleContainerTools/skaffold#installation)
- (Optional) XCode on macOS for the iOS examples.
- Follow the README for the ForgeRock Cloud Platform
- Follow the README for your chosen client in this repository.
Important
- Match the branch versions of the
forgeops
andexampleOAuth2Clients
repositories.
Different branches are not compatible and not interoperable. Themaster
branch is under active development. Older branches are more stable. For example, before trying theexampleOAuth2Clients
6.5 branch, check out a branch tracking the appropriateforgeops
branch:cd forgeops ; git fetch --all --tags --prune ; git checkout --track release/6.5.1
Theforgeops-init
repository uses versioned directories rather than branches. - Your browser does not trust the server certificates used by default.
The certificates are signed by a self-signed example CA certificate.
You can either trust the CA—temporarily, because the example CA keys are published—or
use a browser that you can run with an option to skip server certificate validation,
such as
google-chrome --ignore-certificate-errors https://sample.iam.forgeops.com/am/console
To use the example client applications as described in their README files,
you must access or set up a running instance of the ForgeRock
ForgeRock Cloud Platform.
The ForgeRock Cloud Platform deploys the ForgeRock Identity Platform
into a Kubernetes environment such as minikube
on a laptop,
Amazon Elastic Container Service for Kubernetes (Amazon EKS), or
Google Kubernetes Engine (GKE), and others.
The ForgeRock Cloud Platform configures the ForgeRock Platform components
for use with the example clients in this repository.
The setup process builds the following layers, starting from the bottom and working up:
+-----------------------------------------------------+
| Example Clients (exampleOAuth2Clients) |
+-----------------------------------------------------+
| ForgeRock Identity Platform (forgeops/dev) |
+-----------------------------------------------------+
| Kubernetes Support (minikube, GKE, EKS, others)|
+-----------------------------------------------------+
You do not need to know DevOps, Kubernetes, or the ForgeRock Platform
to try the example clients.
Of course, if you run into any problems, debugging will be faster
if you are already familiar with DevOps and Kubernetes infrastructure,
the ForgeRock Platform components, and tools like
Docker, kubectl
and skaffold
.
To try the ForgeRock Platform in Kubernetes, first download and install
these freely available third-party software tools to work with Kubernetes
as described above.
If you install minikube
,
you can run a local ForgeRock Platform development environment
with some disk space for the files and 4 GB free memory.
Should you choose to go beyond the basics,
full details are available in Installing Required Third-Party Software,
a section in the ForgeRock Platform DevOps Release Notes.
To set up the ForgeRock Platform in Kubernetes, rely on these git
repositories:
ForgeRock Cloud Platform
:
Reference implementations for the ForgeRock DevOps examples and Cloud Deployment Model.
Use this repository to download and set up ForgeRock Platform software into Kubernetes environment, whether that is local or cloud-based.exampleOAuth2Clients
:
Example standards-based client applications.