SDK

Expose core ForgeRock IAM functionality and enable best practices for rapid integration with Authentication Trees, data collection, token exchange, and security.


ForgeRock SDKs enable you to quickly integrate the ForgeRock Identity Platform into your web or mobile apps. The ForgeRock stack has a number of powerful features, one of which is our intelligent authentication. We built the SDKs to make those authentication trees easy to consume, and to let you determine the security and location of the device requesting authentication. The ForgeRock SDKs are all open source and we don’t use third-party libraries, so you can be assured that all components are fully supported by ForgeRock. With these SDKs for JavaScript, iOS, and Android, you can use any or all of the modules, and extend them in any way you want.

Intelligent Authentication

The ForgeRock SDKs leverage the Access Management (AM) intelligent authentication. Use the SDKs to easily step through each stage of an authentication tree by using callbacks. User Login Analytics, built into Intelligent Authentication, offer metrics and timers that measure user interactions as well as their devices, such as the time it takes to authenticate and call out to third-party systems across services and applications. You can change your authentication tree in AM, and the SDK will automatically handle the changes in real time. You don’t have to redeploy the application or make any code changes in the app.


Token Management

The SDKs use the OAuth 2.0 Authorization Code flow with PKCE. ForgeRock has selected this method as the best practice for first-party applications. The SDK automatically handles token exchange for you and securely stores the tokens. It also handles token refresh automatically, so you don’t have to think about it.

UI Development

The SDKs also let you pull in a separate UI component. You can use it for rapid prototyping, or as a building block for your application. Let’s say you want to get an authentication experience in front of some of your users or business stakeholders. You can easily use modules to implement different authentication flows, update them in real time in ForgeRock Access Management, and display the results immediately in your application.

Security

The ForgeRock SDKs are built from the ground up to use best practices for securing token material. We currently have three SDKs: iOS, Android, and JavaScript. The iOS SDK secures key material in the Keychain; the Android SDK uses the Keystore. This encrypts and protects the tokens from unauthorized use. The JavaScript SDK uses IndexedDB to store tokens. These best practices all come for free when using the ForgeRock SDKs.

Single Sign-On (SSO)

In some scenarios your company may have multiple native applications that customers have installed on their devices. You can use the SDK to seamlessly sign users in to multiple applications on a device. When the customer signs into one application, they are automatically signed into a second application on that device—without having to authenticate again.

Pluggability & Extensibility

All SDK modules are pluggable and extensible. Don’t want to use our method for jailbreak detection? No problem! Just plug in your own method, or use any third-party plug-in instead. On top of the pluggability of the SDK, you can also create any custom node on the server side to send data to a third party to validate user information like phone number or IP address.

Device Security Profile

Using the SDK, you have the option to collect device DNA to use in your authentication flows. You might use this data to compare a user sign-in to a prior sign-in event. If the device profile has changed too much from the prior event, you can deny the sign-in.

Jailbreak or Root Detection

The iOS and Android SDKs generate a score to determine if a device is jailbroken or rooted. There are a number of factors that go into creating this score. The score ranges from 0 to 1.0, where 0 indicates the device is an emulator.

Device ID & Metadata

ForgeRock SDKs will automatically generate a device ID for you. You can use the ID with Identity Manager or Access Management to allow your users to manage their devices. For example, you can insert the device ID and associated data into a user’s profile. This lets them view their devices and set the devices as trusted. You can also decide to use a recognized device in an authentication flow to avoid asking a user for another factor.

Location Information

You can collect latitude and longitude information from your users via the Android and iOS SDKs. Apps that use location services must request location permissions from users.