From ddbd57af442759aed6bf69b0bd11cf96da8084f8 Mon Sep 17 00:00:00 2001
From: jey <jey.periyasamy@forgerock.com>
Date: Mon, 3 Jun 2024 18:30:31 -0500
Subject: [PATCH] OIDC ping discovery

---
 .../org/forgerock/android/auth/FRAuth.java    |  2 -
 .../org/forgerock/android/auth/FROptions.kt   | 86 ++++++++++++++++---
 .../forgerock/android/auth/OAuth2Client.java  | 44 ++++++++--
 .../forgerock/android/auth/UserService.java   | 13 ++-
 .../forgerock/android/auth/FROptionTest.kt    | 64 ++++++++------
 .../src/test/resources/discovery.json         | 29 +++++++
 .../android/auth/KotlinExtensions.kt          | 15 +++-
 .../forgerock/android/auth/ExtensionTest.kt   | 70 +++++++++++++++
 .../main/java/com/example/app/AppNavHost.kt   |  6 +-
 .../com/example/app/centralize/Centralize.kt  | 10 ++-
 .../centralize/CentralizeLoginViewModel.kt    | 37 +++++---
 .../java/com/example/app/env/EnvViewModel.kt  | 16 +++-
 12 files changed, 323 insertions(+), 69 deletions(-)
 create mode 100644 forgerock-auth/src/test/resources/discovery.json
 create mode 100644 forgerock-core/src/test/java/org/forgerock/android/auth/ExtensionTest.kt

diff --git a/forgerock-auth/src/main/java/org/forgerock/android/auth/FRAuth.java b/forgerock-auth/src/main/java/org/forgerock/android/auth/FRAuth.java
index 52db439d..795321b3 100644
--- a/forgerock-auth/src/main/java/org/forgerock/android/auth/FRAuth.java
+++ b/forgerock-auth/src/main/java/org/forgerock/android/auth/FRAuth.java
@@ -47,8 +47,6 @@ public static synchronized void start(Context context, @Nullable FROptions optio
         if(!started || !FROptions.equals(cachedOptions, options)) {
             started = true;
             FROptions currentOptions = ConfigHelper.load(context, options);
-            //Validate (AM URL, Realm, CookieName) is not Empty. If its empty will throw IllegalArgumentException.
-            currentOptions.validateConfig();
             if (ConfigHelper.isConfigDifferentFromPersistedValue(context, currentOptions)) {
                SessionManager sessionManager = ConfigHelper.getPersistedConfig(context, cachedOptions).getSessionManager();
                sessionManager.close();
diff --git a/forgerock-auth/src/main/java/org/forgerock/android/auth/FROptions.kt b/forgerock-auth/src/main/java/org/forgerock/android/auth/FROptions.kt
index 35f7df57..242df57b 100644
--- a/forgerock-auth/src/main/java/org/forgerock/android/auth/FROptions.kt
+++ b/forgerock-auth/src/main/java/org/forgerock/android/auth/FROptions.kt
@@ -1,12 +1,21 @@
 /*
- * Copyright (c) 2022 - 2023 ForgeRock. All rights reserved.
+ * Copyright (c) 2022 - 2024 ForgeRock. All rights reserved.
  *
  * This software may be modified and distributed under the terms
  * of the MIT license. See the LICENSE file for details.
  */
 package org.forgerock.android.auth
 
+import kotlinx.coroutines.Dispatchers
+import kotlinx.coroutines.withContext
+import okhttp3.Interceptor
 import okhttp3.OkHttpClient
+import okhttp3.Request
+import org.forgerock.android.auth.OkHttpClientProvider.Companion.getInstance
+import org.forgerock.android.auth.exception.ApiException
+import org.json.JSONObject
+import java.net.URL
+import java.util.concurrent.TimeUnit
 
 /**
  * Manages SDK configuration information
@@ -22,7 +31,7 @@ data class FROptions(val server: Server,
         @JvmStatic
         fun equals(old: FROptions?, new: FROptions?): Boolean {
             // do the referential check first
-            if(old === new) {
+            if (old === new) {
                 return true
             }
             // if there is a change in reference then check the value
@@ -34,13 +43,68 @@ data class FROptions(val server: Server,
                     && old?.logger == new?.logger
         }
     }
-    @Throws(IllegalArgumentException::class)
-    @JvmName("validateConfig")
-    internal fun validateConfig() {
-        require(server.url.isNotBlank()) { "AM URL cannot be blank" }
-        require(server.realm.isNotBlank()) { "Realm cannot be blank" }
-        require(server.cookieName.isNotBlank()) { "cookieName cannot be blank" }
+    private fun getOkHttpClient(url: URL): OkHttpClient {
+        val networkConfig = NetworkConfig.networkBuilder()
+            .timeUnit(TimeUnit.SECONDS)
+            .host(url.authority)
+            .interceptorSupplier {
+                listOf<Interceptor>(
+                    OkHttpRequestInterceptor()
+                )
+            }
+            .build()
+
+        // Obtain instance of OkHttp client
+        val httpClient = getInstance().lookup(networkConfig)
+        return httpClient
+    }
+
+    /**
+     * Discover the OpenID Configuration
+     *
+     * @param discoverUrl The OpenID Configuration URL
+     * @return The SDK configuration information
+     */
+    suspend fun discover(discoverUrl: String): FROptions {
+        return withContext(Dispatchers.IO) {
+            try {
+                val url = URL(discoverUrl)
+                val httpClient = getOkHttpClient(url)
+                val request = Request.Builder()
+                    .url(discoverUrl)
+                    .get().build()
+
+                httpClient.newCall(request).execute().use { response ->
+                    if (!response.isSuccessful) {
+                        throw ApiException(
+                            response.code,
+                            response.message,
+                            response.body?.string()
+                        )
+                    }
+
+                    val openIdConfiguration = response.body?.string()?.let {
+                        JSONObject(it)
+                    }
+
+                    val server = this@FROptions.server.copy(url = openIdConfiguration?.getString("issuer") ?: "")
+
+                    val urlPath = this@FROptions.urlPath.copy(
+                        authorizeEndpoint = openIdConfiguration?.getString("authorization_endpoint"),
+                        tokenEndpoint =  openIdConfiguration?.getString("token_endpoint"),
+                        userinfoEndpoint = openIdConfiguration?.getString("userinfo_endpoint"),
+                        revokeEndpoint = openIdConfiguration?.getString("revocation_endpoint"),
+                        endSessionEndpoint = openIdConfiguration?.getString("end_session_endpoint"))
+
+                    this@FROptions.copy(urlPath = urlPath, server = server)
+
+                }
+            } catch (e: Exception) {
+                throw  e
+            }
+        }
     }
+
 }
 
 /**
@@ -48,7 +112,7 @@ data class FROptions(val server: Server,
  */
 class FROptionsBuilder {
 
-    private lateinit var server: Server
+    private var server: Server = Server("", "root", 30, "iPlanetDirectoryPro", 0)
     private var oauth: OAuth = OAuth()
     private var service: Service = Service()
     private var urlPath: UrlPath = UrlPath()
@@ -123,7 +187,7 @@ class FROptionsBuilder {
 /**
  * Data class for the server configurations
  */
-data class Server(val url: String,
+data class Server(val url: String = "",
                   val realm: String = "root",
                   val timeout: Int = 30,
                   val cookieName: String = "iPlanetDirectoryPro",
@@ -133,7 +197,7 @@ data class Server(val url: String,
  * Server builder to build the SDK configuration information specific to server
  */
 class ServerBuilder {
-    lateinit var url: String
+    var url: String = ""
     var realm: String = "root"
     var timeout: Int = 30
     var cookieName: String = "iPlanetDirectoryPro"
diff --git a/forgerock-auth/src/main/java/org/forgerock/android/auth/OAuth2Client.java b/forgerock-auth/src/main/java/org/forgerock/android/auth/OAuth2Client.java
index 8cc4b039..d4916271 100644
--- a/forgerock-auth/src/main/java/org/forgerock/android/auth/OAuth2Client.java
+++ b/forgerock-auth/src/main/java/org/forgerock/android/auth/OAuth2Client.java
@@ -9,6 +9,7 @@
 
 import android.net.Uri;
 import android.util.Base64;
+import android.util.Patterns;
 
 import androidx.annotation.NonNull;
 import androidx.annotation.Nullable;
@@ -33,6 +34,7 @@
 import okhttp3.RequestBody;
 import okhttp3.Response;
 
+import static org.forgerock.android.auth.KotlinExtensionsKt.isAbsoluteUrl;
 import static org.forgerock.android.auth.ServerConfig.ACCEPT_API_VERSION;
 import static org.forgerock.android.auth.StringUtils.isNotEmpty;
 
@@ -382,9 +384,16 @@ private URL getAuthorizeUrl(Token token, PKCE pkce, String state, Map<String, St
     }
 
     URL getAuthorizeUrl() throws MalformedURLException {
+
+        String authorizeEndpoint = serverConfig.getAuthorizeEndpoint();
+
+        if(isAbsoluteUrl(authorizeEndpoint)) {
+            return new URL(authorizeEndpoint);
+        }
+
         Uri.Builder builder = Uri.parse(serverConfig.getUrl()).buildUpon();
-        if (isNotEmpty(serverConfig.getAuthorizeEndpoint())) {
-            builder.appendEncodedPath(serverConfig.getAuthorizeEndpoint());
+        if (isNotEmpty(authorizeEndpoint)) {
+            builder.appendEncodedPath(authorizeEndpoint);
         } else {
             builder.appendPath("oauth2")
                     .appendPath("realms")
@@ -395,9 +404,16 @@ URL getAuthorizeUrl() throws MalformedURLException {
     }
 
     URL getTokenUrl() throws MalformedURLException {
+
+        String tokenEndpoint = serverConfig.getTokenEndpoint();
+
+        if(isAbsoluteUrl(tokenEndpoint)) {
+            return new URL(tokenEndpoint);
+        }
+
         Uri.Builder builder = Uri.parse(serverConfig.getUrl()).buildUpon();
-        if (isNotEmpty(serverConfig.getTokenEndpoint())) {
-            builder.appendEncodedPath(serverConfig.getTokenEndpoint());
+        if (isNotEmpty(tokenEndpoint)) {
+            builder.appendEncodedPath(tokenEndpoint);
         } else {
             builder.appendPath("oauth2")
                     .appendPath("realms")
@@ -409,9 +425,15 @@ URL getTokenUrl() throws MalformedURLException {
 
     URL getRevokeUrl() throws MalformedURLException {
 
+        String revokeEndpoint = serverConfig.getRevokeEndpoint();
+
+        if(isAbsoluteUrl(revokeEndpoint)) {
+            return new URL(revokeEndpoint);
+        }
+
         Uri.Builder builder = Uri.parse(serverConfig.getUrl()).buildUpon();
-        if (isNotEmpty(serverConfig.getRevokeEndpoint())) {
-            builder.appendEncodedPath(serverConfig.getRevokeEndpoint());
+        if (isNotEmpty(revokeEndpoint)) {
+            builder.appendEncodedPath(revokeEndpoint);
         } else {
             builder.appendPath("oauth2")
                     .appendPath("realms")
@@ -424,9 +446,15 @@ URL getRevokeUrl() throws MalformedURLException {
 
     URL getEndSessionUrl(String clientId, String idToken) throws MalformedURLException {
 
+        String sessionEndpoint = serverConfig.getEndSessionEndpoint();
+
+        if(isAbsoluteUrl(sessionEndpoint)) {
+            return new URL(sessionEndpoint);
+        }
+
         Uri.Builder builder = Uri.parse(serverConfig.getUrl()).buildUpon();
-        if (isNotEmpty(serverConfig.getEndSessionEndpoint())) {
-            builder.appendEncodedPath(serverConfig.getEndSessionEndpoint());
+        if (isNotEmpty(sessionEndpoint)) {
+            builder.appendEncodedPath(sessionEndpoint);
         } else {
             builder.appendPath("oauth2")
                     .appendPath("realms")
diff --git a/forgerock-auth/src/main/java/org/forgerock/android/auth/UserService.java b/forgerock-auth/src/main/java/org/forgerock/android/auth/UserService.java
index 9842ec3b..eda7a744 100644
--- a/forgerock-auth/src/main/java/org/forgerock/android/auth/UserService.java
+++ b/forgerock-auth/src/main/java/org/forgerock/android/auth/UserService.java
@@ -7,7 +7,9 @@
 
 package org.forgerock.android.auth;
 
+
 import android.net.Uri;
+
 import lombok.Builder;
 import okhttp3.Call;
 import okhttp3.OkHttpClient;
@@ -21,6 +23,7 @@
 import java.io.IOException;
 import java.net.MalformedURLException;
 import java.net.URL;
+import static org.forgerock.android.auth.KotlinExtensionsKt.isAbsoluteUrl;
 
 /**
  * Service Client
@@ -84,9 +87,15 @@ public void onResponse(@NotNull Call call, @NotNull Response response) {
 
     private URL getUserInfoUrl() throws MalformedURLException {
 
+        String userInfoEndpoint = serverConfig.getUserInfoEndpoint();
+
+        if(isAbsoluteUrl(userInfoEndpoint)) {
+            return new URL(userInfoEndpoint);
+        }
+
         Uri.Builder builder = Uri.parse(serverConfig.getUrl()).buildUpon();
-        if (StringUtils.isNotEmpty(serverConfig.getUserInfoEndpoint())) {
-            builder.appendEncodedPath(serverConfig.getUserInfoEndpoint());
+        if (StringUtils.isNotEmpty(userInfoEndpoint)) {
+            builder.appendEncodedPath(userInfoEndpoint);
         } else {
             builder.appendPath("oauth2")
                     .appendPath("realms")
diff --git a/forgerock-auth/src/test/java/org/forgerock/android/auth/FROptionTest.kt b/forgerock-auth/src/test/java/org/forgerock/android/auth/FROptionTest.kt
index 84ddac78..bf9cca99 100644
--- a/forgerock-auth/src/test/java/org/forgerock/android/auth/FROptionTest.kt
+++ b/forgerock-auth/src/test/java/org/forgerock/android/auth/FROptionTest.kt
@@ -6,12 +6,18 @@
  */
 package org.forgerock.android.auth
 
+import androidx.test.ext.junit.runners.AndroidJUnit4
+import kotlinx.coroutines.runBlocking
 import okhttp3.OkHttpClient
+import okhttp3.mockwebserver.MockResponse
 import org.junit.Assert.assertFalse
 import org.junit.Assert.assertTrue
 import org.junit.Test
+import org.junit.runner.RunWith
+import java.net.HttpURLConnection
 
-class FROptionTest {
+@RunWith(AndroidJUnit4::class)
+class FROptionTest: BaseTest()  {
     @Test
     fun testDefaultBuilderOption() {
         class TestCustomLogger: FRLogger {
@@ -58,32 +64,6 @@ class FROptionTest {
         assertTrue(option.logger.logLevel == Logger.Level.ERROR)
         assertTrue(option.logger.customLogger == logger)
     }
-
-    @Test(expected = IllegalArgumentException::class)
-    fun testInValidConfigRealm() {
-        val option1 = FROptionsBuilder.build { server {
-            url = "https://stoyan.com"
-            realm = ""
-        }}
-        option1.validateConfig()
-    }
-
-    @Test(expected = IllegalArgumentException::class)
-    fun testInValidConfigCookieName() {
-        val option1 = FROptionsBuilder.build { server {
-            url = "https://stoyan.com"
-            cookieName = ""
-        }}
-        option1.validateConfig()
-    }
-
-    @Test(expected = IllegalArgumentException::class)
-    fun testInValidConfigUrl() {
-        val option1 = FROptionsBuilder.build { server {
-            url = ""
-        }}
-        option1.validateConfig()
-    }
     @Test
     fun testReferenceAndValue() {
         val option1 = FROptionsBuilder.build { server {
@@ -100,4 +80,34 @@ class FROptionTest {
         assertFalse(FROptions.equals(option1, option2))
         assertTrue(FROptions.equals(option2, option2))
     }
+
+    @Test
+    fun testDiscoverEndpoint() {
+        runBlocking {
+            server.enqueue(
+                MockResponse()
+                .setResponseCode(HttpURLConnection.HTTP_OK)
+                .addHeader("Content-Type", "application/json")
+                .setBody(getJson("/discovery.json")))
+
+            val option1 = FROptionsBuilder.build {
+                server {
+                    url = "https://auth.pingone.ca"
+                }
+                urlPath {
+                    authenticateEndpoint = "https://auth.pingone.ca/02fb4743-189a-4bc7-9d6c-a919edfe6447/as/authenticate"
+                    sessionEndpoint = "https://auth.pingone.ca/02fb4743-189a-4bc7-9d6c-a919edfe6447/as/session"
+                }
+            }
+            val copied = option1.discover("https://auth.pingone.ca/02fb4743-189a-4bc7-9d6c-a919edfe6447/as/.well-known/openid-configuration")
+            assertTrue(copied.urlPath.authorizeEndpoint == "https://auth.pingone.ca/02fb4743-189a-4bc7-9d6c-a919edfe6447/as/authorize")
+            assertTrue(copied.server.url == "https://auth.pingone.ca/02fb4743-189a-4bc7-9d6c-a919edfe6447/as")
+            assertTrue(copied.urlPath.revokeEndpoint == "https://auth.pingone.ca/02fb4743-189a-4bc7-9d6c-a919edfe6447/as/revoke")
+            assertTrue(copied.urlPath.tokenEndpoint == "https://auth.pingone.ca/02fb4743-189a-4bc7-9d6c-a919edfe6447/as/token")
+            assertTrue(copied.urlPath.userinfoEndpoint == "https://auth.pingone.ca/02fb4743-189a-4bc7-9d6c-a919edfe6447/as/userinfo")
+            assertTrue(copied.urlPath.endSessionEndpoint == "https://auth.pingone.ca/02fb4743-189a-4bc7-9d6c-a919edfe6447/as/signoff")
+            assertTrue(copied.urlPath.sessionEndpoint == "https://auth.pingone.ca/02fb4743-189a-4bc7-9d6c-a919edfe6447/as/session")
+            assertTrue(copied.urlPath.authenticateEndpoint == "https://auth.pingone.ca/02fb4743-189a-4bc7-9d6c-a919edfe6447/as/authenticate")
+        }
+    }
 }
\ No newline at end of file
diff --git a/forgerock-auth/src/test/resources/discovery.json b/forgerock-auth/src/test/resources/discovery.json
new file mode 100644
index 00000000..cd94daae
--- /dev/null
+++ b/forgerock-auth/src/test/resources/discovery.json
@@ -0,0 +1,29 @@
+{
+  "issuer" : "https://auth.pingone.ca/02fb4743-189a-4bc7-9d6c-a919edfe6447/as",
+  "authorization_endpoint" : "https://auth.pingone.ca/02fb4743-189a-4bc7-9d6c-a919edfe6447/as/authorize",
+  "pushed_authorization_request_endpoint" : "https://auth.pingone.ca/02fb4743-189a-4bc7-9d6c-a919edfe6447/as/par",
+  "token_endpoint" : "https://auth.pingone.ca/02fb4743-189a-4bc7-9d6c-a919edfe6447/as/token",
+  "userinfo_endpoint" : "https://auth.pingone.ca/02fb4743-189a-4bc7-9d6c-a919edfe6447/as/userinfo",
+  "jwks_uri" : "https://auth.pingone.ca/02fb4743-189a-4bc7-9d6c-a919edfe6447/as/jwks",
+  "end_session_endpoint" : "https://auth.pingone.ca/02fb4743-189a-4bc7-9d6c-a919edfe6447/as/signoff",
+  "introspection_endpoint" : "https://auth.pingone.ca/02fb4743-189a-4bc7-9d6c-a919edfe6447/as/introspect",
+  "revocation_endpoint" : "https://auth.pingone.ca/02fb4743-189a-4bc7-9d6c-a919edfe6447/as/revoke",
+  "device_authorization_endpoint" : "https://auth.pingone.ca/02fb4743-189a-4bc7-9d6c-a919edfe6447/as/device_authorization",
+  "claims_parameter_supported" : false,
+  "request_parameter_supported" : true,
+  "request_uri_parameter_supported" : false,
+  "require_pushed_authorization_requests" : false,
+  "scopes_supported" : [ "openid", "profile", "email", "address", "phone" ],
+  "response_types_supported" : [ "code", "id_token", "token id_token", "code id_token", "code token", "code token id_token" ],
+  "response_modes_supported" : [ "pi.flow", "query", "fragment", "form_post" ],
+  "grant_types_supported" : [ "authorization_code", "implicit", "client_credentials", "refresh_token", "urn:ietf:params:oauth:grant-type:device_code" ],
+  "subject_types_supported" : [ "public" ],
+  "id_token_signing_alg_values_supported" : [ "RS256" ],
+  "userinfo_signing_alg_values_supported" : [ "none" ],
+  "request_object_signing_alg_values_supported" : [ "none", "HS256", "HS384", "HS512", "RS256", "RS384", "RS512" ],
+  "token_endpoint_auth_methods_supported" : [ "client_secret_basic", "client_secret_post", "client_secret_jwt", "private_key_jwt" ],
+  "token_endpoint_auth_signing_alg_values_supported" : [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512" ],
+  "claim_types_supported" : [ "normal" ],
+  "claims_supported" : [ "sub", "iss", "auth_time", "acr", "name", "given_name", "family_name", "middle_name", "preferred_username", "profile", "picture", "zoneinfo", "phone_number", "updated_at", "address", "email", "locale" ],
+  "code_challenge_methods_supported" : [ "plain", "S256" ]
+}
\ No newline at end of file
diff --git a/forgerock-core/src/main/java/org/forgerock/android/auth/KotlinExtensions.kt b/forgerock-core/src/main/java/org/forgerock/android/auth/KotlinExtensions.kt
index ce55e886..c217ea0f 100644
--- a/forgerock-core/src/main/java/org/forgerock/android/auth/KotlinExtensions.kt
+++ b/forgerock-core/src/main/java/org/forgerock/android/auth/KotlinExtensions.kt
@@ -1,11 +1,13 @@
 /*
- * Copyright (c) 2023 ForgeRock. All rights reserved.
+ * Copyright (c) 2023 - 2024 ForgeRock. All rights reserved.
  *
  *  This software may be modified and distributed under the terms
  *  of the MIT license. See the LICENSE file for details.
  */
 package org.forgerock.android.auth
 
+import java.net.URI
+import java.net.URISyntaxException
 import java.text.SimpleDateFormat
 import java.util.*
 
@@ -22,4 +24,15 @@ fun Long.convertToTime(pattern: String = "yyyyMMdd HH:mm:ss"): String {
     val date = Date(this)
     val simpleDateFormat = SimpleDateFormat(pattern, Locale.getDefault())
     return simpleDateFormat.format(date)
+}
+
+fun String?.isAbsoluteUrl(): Boolean {
+    return try {
+        this?.let {
+            val uri = URI(it)
+            uri.isAbsolute && uri.scheme != null && uri.host != null
+        } ?: false
+    } catch (e: URISyntaxException) {
+        false
+    }
 }
\ No newline at end of file
diff --git a/forgerock-core/src/test/java/org/forgerock/android/auth/ExtensionTest.kt b/forgerock-core/src/test/java/org/forgerock/android/auth/ExtensionTest.kt
new file mode 100644
index 00000000..421aa0ec
--- /dev/null
+++ b/forgerock-core/src/test/java/org/forgerock/android/auth/ExtensionTest.kt
@@ -0,0 +1,70 @@
+/*
+ * Copyright (c) 2024 ForgeRock. All rights reserved.
+ *
+ * This software may be modified and distributed under the terms
+ * of the MIT license. See the LICENSE file for details.
+ */
+package org.forgerock.android.auth
+
+import junit.framework.TestCase.assertEquals
+import junit.framework.TestCase.assertFalse
+import junit.framework.TestCase.assertTrue
+import org.junit.Test
+
+class ExtensionTest {
+    @Test
+    fun testLongDateToString() {
+        val longTimeStamp: Long = 1672947404167 // 20230105 13:36:44
+        val actualResult = longTimeStamp.convertToTime().split(" ")
+        assertEquals(actualResult[0], "20230105")
+        assertTrue(actualResult[1].isNotEmpty())
+    }
+
+    @Test
+    fun testLongDateToStringWithDifferentPattern() {
+        val longTimeStamp: Long = 1672947404167
+        val actualResult = longTimeStamp.convertToTime("yyyyMMdd")
+        val expectedResult = "20230105"
+        assertEquals(actualResult, expectedResult)
+    }
+
+    @Test
+    fun testPoorManTernary() {
+        val list = listOf(1, 2, 3)
+        val case1 = (list.contains(1) then true) ?: false
+        assertTrue(case1)
+        val case2 = (list.contains(5) then true) ?: false
+        assertFalse(case2)
+    }
+
+    @Test
+    fun testIsAbsoluteUrl() {
+        val url = "https://www.example.com"
+        assertTrue(url.isAbsoluteUrl())
+    }
+
+    @Test
+    fun testIsNotAbsoluteUrlWithoutScheme() {
+        val url = "www.example.com"
+        assertFalse(url.isAbsoluteUrl())
+    }
+
+    @Test
+    fun testOnlyScheme() {
+        val url = "https://" // Invalid URL
+        assertFalse(url.isAbsoluteUrl())
+    }
+
+    @Test
+    fun testOnlySchemeAndPath() {
+        val url = "https://?value=test" // Invalid URL
+        assertFalse(url.isAbsoluteUrl())
+    }
+
+    @Test
+    fun testIsNotAbsoluteUrlWithInvalidUrl() {
+        val url = "/as/revoke"
+        assertFalse(url.isAbsoluteUrl())
+    }
+
+}
\ No newline at end of file
diff --git a/samples/app/src/main/java/com/example/app/AppNavHost.kt b/samples/app/src/main/java/com/example/app/AppNavHost.kt
index e2439b3b..728832d3 100644
--- a/samples/app/src/main/java/com/example/app/AppNavHost.kt
+++ b/samples/app/src/main/java/com/example/app/AppNavHost.kt
@@ -42,11 +42,13 @@ import com.example.app.webauthn.WebAuthnViewModel
 fun AppNavHost(navController: NavHostController,
                startDestination: String = Destinations.ENV_ROUTE) {
 
+    val envViewModel: EnvViewModel = viewModel<EnvViewModel>()
+
     NavHost(navController = navController,
         startDestination = startDestination) {
 
         composable(Destinations.ENV_ROUTE) {
-            val envViewModel = viewModel<EnvViewModel>()
+
             val preferenceViewModel = viewModel<PreferenceViewModel>(
                 factory = PreferenceViewModel.factory(LocalContext.current)
             )
@@ -69,7 +71,7 @@ fun AppNavHost(navController: NavHostController,
         }
         composable(Destinations.CENTRALIZE_ROUTE) {
             val centralizeLoginViewModel = viewModel<CentralizeLoginViewModel>()
-            Centralize(centralizeLoginViewModel)
+            Centralize(centralizeLoginViewModel, envViewModel.current)
         }
         composable(Destinations.MANAGE_WEBAUTHN_KEYS) {
             val webAuthnViewModel = viewModel<WebAuthnViewModel>(
diff --git a/samples/app/src/main/java/com/example/app/centralize/Centralize.kt b/samples/app/src/main/java/com/example/app/centralize/Centralize.kt
index 716f9c1a..37cd65a6 100644
--- a/samples/app/src/main/java/com/example/app/centralize/Centralize.kt
+++ b/samples/app/src/main/java/com/example/app/centralize/Centralize.kt
@@ -20,17 +20,20 @@ import androidx.compose.ui.unit.dp
 import androidx.fragment.app.FragmentActivity
 import androidx.lifecycle.viewmodel.compose.viewModel
 import com.example.app.Error
+import com.example.app.env.EnvViewModel
 import com.example.app.userprofile.UserProfile
 import com.example.app.userprofile.UserProfileViewModel
+import org.forgerock.android.auth.FROptions
 
 @Composable
-fun Centralize(centralizeLoginViewModel: CentralizeLoginViewModel) {
+fun Centralize(centralizeLoginViewModel: CentralizeLoginViewModel,
+               options: FROptions) {
 
     val activity = LocalContext.current as FragmentActivity
 
     LaunchedEffect(true) {
         //Not relaunch when recomposition
-        centralizeLoginViewModel.login(activity)
+        centralizeLoginViewModel.login(activity, options)
     }
 
     val state by centralizeLoginViewModel.state.collectAsState()
@@ -48,5 +51,4 @@ fun Centralize(centralizeLoginViewModel: CentralizeLoginViewModel) {
             Error(exception = this)
         }
     }
-}
-
+}
\ No newline at end of file
diff --git a/samples/app/src/main/java/com/example/app/centralize/CentralizeLoginViewModel.kt b/samples/app/src/main/java/com/example/app/centralize/CentralizeLoginViewModel.kt
index 62efa894..34a89c77 100644
--- a/samples/app/src/main/java/com/example/app/centralize/CentralizeLoginViewModel.kt
+++ b/samples/app/src/main/java/com/example/app/centralize/CentralizeLoginViewModel.kt
@@ -10,35 +10,50 @@ package com.example.app.centralize
 import androidx.browser.customtabs.CustomTabsIntent
 import androidx.fragment.app.FragmentActivity
 import androidx.lifecycle.ViewModel
+import androidx.lifecycle.viewModelScope
 import kotlinx.coroutines.flow.MutableStateFlow
 import kotlinx.coroutines.flow.update
+import kotlinx.coroutines.launch
+import org.forgerock.android.auth.FRAuth
 import org.forgerock.android.auth.FRListener
+import org.forgerock.android.auth.FROptions
 import org.forgerock.android.auth.FRUser
 
 class CentralizeLoginViewModel : ViewModel() {
 
     var state = MutableStateFlow(CentralizeState())
         private set
+    fun login(fragmentActivity: FragmentActivity, options: FROptions) {
+        if(options.server.url.contains("pingone")) {
+            viewModelScope.launch {
+                val option = options.discover(options.server.url + "/.well-known/openid-configuration")
+                FRAuth.start(fragmentActivity, option)
+                launch(fragmentActivity)
+            }
+        } else {
+            launch(fragmentActivity)
+        }
+    }
 
-    fun login(fragmentActivity: FragmentActivity) {
+    private fun launch(fragmentActivity: FragmentActivity) {
         FRUser.browser().appAuthConfigurer().customTabsIntent {
             it.setColorScheme(CustomTabsIntent.COLOR_SCHEME_DARK)
 
         }.done()
             .login(fragmentActivity,
-            object : FRListener<FRUser> {
-                override fun onSuccess(result: FRUser) {
-                    state.update {
-                        it.copy(user = result, exception = null)
+                object : FRListener<FRUser> {
+                    override fun onSuccess(result: FRUser) {
+                        state.update {
+                            it.copy(user = result, exception = null)
+                        }
                     }
-                }
 
-                override fun onException(e: Exception) {
-                    state.update {
-                        it.copy(user = null, exception = e)
+                    override fun onException(e: Exception) {
+                        state.update {
+                            it.copy(user = null, exception = e)
+                        }
                     }
-                }
-            })
+                })
     }
 
 }
\ No newline at end of file
diff --git a/samples/app/src/main/java/com/example/app/env/EnvViewModel.kt b/samples/app/src/main/java/com/example/app/env/EnvViewModel.kt
index 9810ea64..176105a7 100644
--- a/samples/app/src/main/java/com/example/app/env/EnvViewModel.kt
+++ b/samples/app/src/main/java/com/example/app/env/EnvViewModel.kt
@@ -135,6 +135,17 @@ class EnvViewModel : ViewModel() {
         }
     }
 
+    val pingOIdc = FROptionsBuilder.build {
+        server {
+            url = "https://auth.pingone.ca/02fb4743-189a-4bc7-9d6c-a919edfe6447/as"
+        }
+        oauth {
+            oauthClientId = "c12743f9-08e8-4420-a624-71bbb08e9fe1"
+            oauthRedirectUri = "org.forgerock.demo://oauth2redirect"
+            oauthScope = "openid email address phone profile"
+        }
+    }
+
     var current by mutableStateOf(dbind)
         private set
 
@@ -145,10 +156,13 @@ class EnvViewModel : ViewModel() {
         servers.add(local)
         servers.add(ops)
         servers.add(forgeblock)
+        servers.add(pingOIdc)
     }
 
     fun select(context: Context, options: FROptions) {
-        FRAuth.start(context, options)
+        if(options.server.url.contains("pingone").not()) {
+            FRAuth.start(context, options)
+        }
         current = options
     }