quickstarts
Use Hosted Pages
In this QuickStart you’ll:
- Use the Express console to add a web app to the tenant.
- Follow the ForgeRock SDK sample app to integrate authentication into your app.
- Examine how registration and authentication work with the ForgeRock hosted pages.
Step 1: Configure a Web App
A. Sign in to the Express console at https://ui-mycompany.forgeblocks.com/signin.
B. Click Applications > New Application > Web.

C. On the New Web Application page, enter the following information, and then click Save.
Entry | Description |
---|---|
Name | A unique name for your app |
Description | Optional description of your app |
Login Redirect URL Whitelist | URLs to allow redirect to after login http://localhost:9080/callback, http://localhost:9080/callback/non-hosted |
Logout Redirect URL Whitelist | URLs to allow redirect to after logout http://localhost:9080 |
Description | Optional |
D. Save the Client ID and Client Secret. You’ll use this information when you configure the sample web app.
Step 2: Set up the Sample App
The sample app is a node.js
app.
A. Install the following software:
B. Clone the https://github.com/ForgeCloud/app-sdk repository.
Step 3: Run the Sample App
In the web app you can now test self-registration, sign-ins, and sign-outs. Passwords
are governed by complexity rules shown in your web app. See
https://ui-{tenantName}.forgeblocks.com/authentication/password.
A. At the command-line, go to the directory where you saved the app-sdk
.
B. Run the following commands using the Tenant Name and Client ID created in Step 1:
$ npm i
$ sh start.sh {Tenant Name} {Client ID} {Client Secret} RS256
C. In a browser, go to http://localhost:9080.
D. Click ‘HOSTED SIGN-IN’.
E. Click ‘Register an account’.
F. Register an account (follow the password policy set up in the Express console).
You can now use this account to authenticate. Try authentication in the sample app and check out the user in the admin console.
Where to Go From Here
With a web app, you can adjust settings related to token lifetimes and grant types. For more information on tokens, see the section on how to manage JSON Web Tokens page. The signing algorithm associated with the JWT Token is RSA Signature with SHA-256 (RS256).
To reduce security risks, limit the use of grant types for your applications. For more information, see our discussion on how to Configure Grant Types.
Hosted Pages
-
In the Express console, click Hosted Pages > Sign Up/Sign In. Try adjusting the hosted pages. Make changes to see how you can configure the registration and sign in experience.
-
Try our Authentication APIs. They let you use your own sign-in and registration pages.
This sample uses the OAuth 2.0 confidential client type. In this setup, Express exchanges an authorization code for a token. To learn more about authentication flows, see the following section on how to Integrate Authentication.
For questions or feedback, contact us.