
Use Hosted Pages

In this QuickStart you’ll:

  • Use the Express console to add a web app to the tenant.
  • Follow the ForgeRock SDK sample app to integrate authentication into your app.
  • Examine how registration and authentication work with the ForgeRock hosted pages.

Step 1: Configure a Web App

A. Sign in to the Express console at http://{your-organization-name}.forgerock.com.

B. Go to Applications > New Application > Web.



C. On the New Web Application page enter the following information and click Save.

Entry                 Description
Name                  A unique name for your app
Description           Optional description of your app
Login Redirect URL    Whitelist URLs to allow redirect to after login:
                      http://localhost:9080/callback, http://localhost:9080/callback/non-hosted
Logout Redirect URL   Whitelist URLs to allow redirect to after logout:
                      http://localhost:9080
Description           Optional

D. Save the Client ID and Client Secret. You’ll use this information when you configure the sample web app.

Step 2: Set up the Sample App

The sample app is a Node.js app.

A. Install the following software:

OBSOLETE INFO

B. Clone the https://github.com/ForgeCloud/app-sdk repository.

Step 3: Run the Sample App

In the web app you can now test self-registration, sign-ins, and sign-outs. Passwords are governed by complexity rules shown in your web app, at the following URL: https://ui-{tenantName}.forgeblocks.com/authentication/password.

A. At the command-line, navigate to the directory where you saved the app-sdk.

B. Run the following commands, using the Tenant Name, Client ID, and Client Secret created earlier:

$ npm i
$ sh start.sh {Tenant Name} {Client ID} {Client Secret} RS256

C. Open a browser and navigate to http://localhost:9080.

D. Click ‘HOSTED SIGN-IN’.

E. Click ‘Register an account’.

F. Register an account (follow the password policy set up in the admin console).

You can now use this account to authenticate. Try authentication in the sample app and check out the user in the admin console.

Where to Go From Here

With a web app, you can adjust settings related to token lifetimes and grant types. For more information on tokens, see the Tokens page. The signing algorithm associated with the JWT Token is RSA Signature with SHA-256 (RS256).
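Because tokens are signed with RS256, an app that consumes them should pin that algorithm when verifying instead of trusting the `alg` value in the token header. The following Node.js sketch is an added example, not code from the app-sdk sample. The key pair, issuer, and audience values are constructed placeholders; in a real deployment the public key would be the tenant's signing key.

```javascript
const crypto = require('crypto');

const b64url = (data) => Buffer.from(data).toString('base64url');
const fromB64url = (s) => Buffer.from(s, 'base64url');

// Verify a compact JWT. Returns the claims, or throws on any failure.
function verifyRs256(token, publicKey, { issuer, audience, now }) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;
  const header = JSON.parse(fromB64url(h).toString('utf8'));
  // Pin the algorithm; the token's own header must not choose it.
  if (header.alg !== 'RS256') throw new Error('unexpected alg: ' + header.alg);
  // RSA-SHA256 with Node's default PKCS#1 v1.5 padding is RS256.
  const ok = crypto.verify('RSA-SHA256', Buffer.from(h + '.' + p), publicKey, fromB64url(s));
  if (!ok) throw new Error('bad signature');
  const claims = JSON.parse(fromB64url(p).toString('utf8'));
  if (claims.iss !== issuer) throw new Error('wrong issuer');
  const aud = Array.isArray(claims.aud) ? claims.aud : [claims.aud];
  if (!aud.includes(audience)) throw new Error('wrong audience');
  if (typeof claims.exp !== 'number' || claims.exp <= now) throw new Error('expired');
  return claims;
}

// Constructed fixtures: a throwaway key pair stands in for the tenant's signing key,
// and the issuer and audience values are placeholders.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const EXPECTED = { issuer: 'https://tenant.example', audience: 'example-client-id' };

// Build a sample token; any alg other than RS256 gets an HMAC made with a dummy key.
function makeToken(alg, claims) {
  const input = b64url(JSON.stringify({ alg, typ: 'JWT' })) + '.' + b64url(JSON.stringify(claims));
  const sig = alg === 'RS256'
    ? crypto.sign('RSA-SHA256', Buffer.from(input), privateKey)
    : crypto.createHmac('sha256', 'constructed-dummy-key').update(input).digest();
  return input + '.' + b64url(sig);
}

// Report the verifier's decision as a string so callers can log or assert on it.
function check(token, now) {
  try { verifyRs256(token, publicKey, { ...EXPECTED, now }); return 'accepted'; }
  catch (e) { return 'rejected: ' + e.message; }
}

const NOW = 1700000000; // constructed clock value, seconds since the epoch
const sample = { iss: EXPECTED.issuer, aud: EXPECTED.audience, sub: 'user-1', exp: NOW + 300 };
console.log(check(makeToken('RS256', sample), NOW));
console.log(check(makeToken('HS256', sample), NOW));
```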

To reduce security risks, limit the use of grant types for your applications. For more information, see our discussion of Grant Types.

Hosted Pages

  1. In the Admin Console, navigate to Hosted Pages > Sign Up/Sign In. Try adjusting the hosted pages. Make changes to see how you can configure the registration and sign in experience.

  2. Try our Authentication APIs. They let you use your own sign in and registration pages.

This sample uses the OAuth 2.0 confidential client type. In this setup, Express exchanges an authorization code for a token. To learn more about authentication flows, see the following section on how to Incorporate Auth Into Your App.


If you have questions email [email protected].