Manage External Application Access

Purpose: Use the Manage External Application Access page to create, review, and work with external applications that integrate with Order Management System using OAuth, and define the web services that use OAuth authentication for inbound web service requests to Order Management System.

Order Management System uses IDCS (Oracle Identity Cloud Service) or OCI IAM (Oracle Cloud Infrastructure Identity and Access Management) for authentication.

About OAuth: OAuth enables web service communication between applications using a token provided by IDCS or OCI IAM rather than a password, providing greater security. The requesting application first passes its:

•         Client ID: Similar to a user ID in that it identifies a client application to the authentication service, in this case IDCS or OCI IAM. You can create client IDs through the Manage External Application Access page, in IDCS or OCI IAM, or through other applications, such as Customer Engagement.

•         Client secret: A secure code that IDCS or OCI IAM creates for a client application, and that the client application passes to IDCS or OCI IAM for authentication. The client secret should be known only to the requesting application and to IDCS or OCI IAM.

When IDCS or OCI IAM receives the valid client ID and client secret, it then provides the token to the requesting application. The requesting application can then include the token in the web service request to the destination system, which validates the token with IDCS or OCI IAM.

For example, if your ecommerce system will communicate with Order Management System using OAuth, you can use this page to:

•         Create a client ID and secret, which you can then provide to the ecommerce system.

•         Create the associated web service authentication records for the ecommerce system.

With OAuth authentication:

The requesting system first passes a client ID and a client secret to an authenticating service, such as IDCS or OCI IAM.

•         The authenticating service, such as IDCS or OCI IAM, generates a short-lived token.

•         The requesting system submits the token to the destination system, rather than a password and user ID as with basic authentication.

•         The destination system validates the token and client ID.

The following is required in order to support OAuth with Omnichannel products:

•         The IDCS or OCI IAM client ID and client secret for the integrating system must be created through an Omnichannel cloud service, if it does not already exist.

•         The system receiving the web service request needs to have a record of the client ID with assigned access for the web service API.

•         A system sending the web service request needs to be able to request the token from IDCS or OCI IAM.

•         The system sending the web service request needs to include the token so the system receiving the web service request can validate the request.

About store locations and XOffice OnPrem: The XOffice OnPrem application differs from other applications in that it serves as the parent for any related store locations. Any store locations that are assigned a parent ID are not displayed at this page; instead, you configure external access for XOffice OnPrem, and this “parent” handles authentication for all related store locations.

When authentication is required for a request originating from any location associated with the XOffice OnPrem parent ID, the parent ID’s authentication credentials are used.

Example:                    XOffice OnPrem is the parent for location A.

For more information: See the Oracle Retail Omnichannel Web Service Authentication Configuration Guide on My Oracle Support (2728265.1) for web service authentication configuration instructions.

Note:             This option is delivered with the default SYSADMIN menu but is currently used only for Order Management System Cloud Service, so authority to the option is not normally required by any users.

How to display: Select Manage External Application Access from a menu.

Note:             ALLOW authority to the MEAA menu option is required for access to this page.

For more information:

•         Manage External Application Access Options for step-by-step instructions on the actions you can perform on the Manage External Application Access page.

•         Fields on Manage External Application Access for a description of the fields on the Manage External Application Access page.

________________________________

Copyright © 2023, Oracle and/or its affiliates. All rights reserved.
Legal Notices