Identity Dataplane Functions
Package: DBMS_CLOUD_OCI_IDP_DATAPLANE
GENERATE_SCOPED_ACCESS_TOKEN Function
Derives the claims from the calling principal and the input payload, and generates a scoped-access token for specific resources. For example, set scope to urn:oracle:db::id::<compartment-id> for access to a database in a compartment.
Syntax
FUNCTION generate_scoped_access_token (
  generate_scoped_access_token_details dbms_cloud_oci_identity_dataplane_generate_scoped_access_token_details_t,
  region varchar2 DEFAULT NULL,
  endpoint varchar2 DEFAULT NULL,
  credential_name varchar2 DEFAULT NULL
) RETURN dbms_cloud_oci_idp_dataplane_generate_scoped_access_token_response_t;
Parameters
Parameter | Description |
---|---|
generate_scoped_access_token_details | (required) Scoped access token request. |
region | (optional) OCI region id, e.g. us-phoenix-1 for US West (Phoenix). |
endpoint | (optional) The endpoint of the service to call using this function, e.g. https://auth.{region}.{secondLevelDomain}. If both endpoint and region are given, then endpoint takes precedence. |
credential_name | (optional) The name of the credential for authenticating with the corresponding cloud native API. |
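
An added example, not taken from Oracle's documentation, of requesting a token scoped to a single compartment and checking the result without writing the token to output. The attribute names scope, public_key, status_code and response_body.token, the no-argument constructor, and the credential name OCI_CRED are assumptions; confirm the type definitions in your database before use.

```plsql
-- Added example. Names not shown in the syntax above are assumptions.
DECLARE
  -- Assumed attributes (scope, public_key), mirroring the request body of
  -- the OCI GenerateScopedAccessToken REST operation.
  l_details  dbms_cloud_oci_identity_dataplane_generate_scoped_access_token_details_t;
  l_response dbms_cloud_oci_idp_dataplane_generate_scoped_access_token_response_t;
  -- Placeholder: OCID of the one compartment the token should reach.
  l_compartment CONSTANT VARCHAR2(255) := '<compartment-id>';
BEGIN
  -- Assumed no-argument constructor; attributes are set one by one.
  l_details := dbms_cloud_oci_identity_dataplane_generate_scoped_access_token_details_t();
  -- Scope format taken from the function description: one compartment only.
  l_details.scope := 'urn:oracle:db::id::' || l_compartment;
  -- Placeholder for the PEM-encoded public key sent in the request.
  l_details.public_key := '<pem-encoded-public-key>';

  l_response := dbms_cloud_oci_idp_dataplane.generate_scoped_access_token(
    generate_scoped_access_token_details => l_details,
    -- Region is pinned and endpoint is left NULL, so the documented
    -- "endpoint takes precedence" rule cannot redirect the call.
    region          => 'us-phoenix-1',
    credential_name => 'OCI_CRED'      -- hypothetical credential name
  );

  -- Assumed status_code attribute: fail closed on any non-2xx reply.
  IF l_response.status_code NOT BETWEEN 200 AND 299 THEN
    RAISE_APPLICATION_ERROR(-20001,
      'Scoped token request failed with HTTP ' || l_response.status_code);
  END IF;

  -- The token is a bearer secret: report its length, never its value.
  DBMS_OUTPUT.PUT_LINE('Token issued, length ' ||
    LENGTH(l_response.response_body.token));
END;
/
```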
GENERATE_USER_SECURITY_TOKEN Function
Exchanges a valid user token-based signature (API key and UPST) for a short-lived UPST of the authenticated user principal. When not specified, the user session duration is set to a default of 60 minutes in all realms. Resulting UPSTs are refreshable while the user session has not expired.
Syntax
FUNCTION generate_user_security_token (
  generate_user_security_token_details dbms_cloud_oci_identity_dataplane_generate_user_security_token_details_t,
  opc_request_id varchar2 DEFAULT NULL,
  region varchar2 DEFAULT NULL,
  endpoint varchar2 DEFAULT NULL,
  credential_name varchar2 DEFAULT NULL
) RETURN dbms_cloud_oci_idp_dataplane_generate_user_security_token_response_t;
Parameters
Parameter | Description |
---|---|
generate_user_security_token_details | (required) The key-value pair object storing the token exchange request parameters required to obtain a UPST for self. |
opc_request_id | (optional) Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID. |
region | (optional) OCI region id, e.g. us-phoenix-1 for US West (Phoenix). |
endpoint | (optional) The endpoint of the service to call using this function, e.g. https://auth.{region}.{secondLevelDomain}. If both endpoint and region are given, then endpoint takes precedence. |
credential_name | (optional) The name of the credential for authenticating with the corresponding cloud native API. |