Oracle Cloud Infrastructure Documentation

Identity Dataplane Functions

Package: DBMS_CLOUD_OCI_IDP_DATAPLANE

GENERATE_SCOPED_ACCESS_TOKEN Function

Based on the calling Principal and the input payload, derive the claims, and generate a scoped-access token for specific resources. For example, set scope to urn:oracle:db::id::<compartment-id> for access to a database in a compartment.

Syntax

FUNCTION generate_scoped_access_token (
  generate_scoped_access_token_details dbms_cloud_oci_identity_dataplane_generate_scoped_access_token_details_t,
  region varchar2 DEFAULT NULL, 
  endpoint varchar2 DEFAULT NULL,
  credential_name varchar2 DEFAULT NULL
) RETURN dbms_cloud_oci_idp_dataplane_generate_scoped_access_token_response_t;

Parameters

Parameter Description

generate_scoped_access_token_details

(required) Scoped access token request

region

(optional) OCI region id. e.g us-phoenix-1 for US West (Phoenix).

endpoint

(optional) The endpoint of the service to call using this function. e.g https://auth.{region}.{secondLevelDomain}.If both endpoint and region are given, then endpoint takes precedence.

credential_name

(optional) The name of the credential for authenticating with the corresponding cloud native API.

GENERATE_USER_SECURITY_TOKEN Function

Exchanges a valid user token-based signature (API key and UPST) for a short-lived UPST of the authenticated user principal. When not specified, the user session duration is set to a default of 60 minutes in all realms. Resulting UPSTs are refreshable while the user session has not expired.

Syntax

FUNCTION generate_user_security_token (
  generate_user_security_token_details dbms_cloud_oci_identity_dataplane_generate_user_security_token_details_t,
  opc_request_id varchar2 DEFAULT NULL,
  region varchar2 DEFAULT NULL, 
  endpoint varchar2 DEFAULT NULL,
  credential_name varchar2 DEFAULT NULL
) RETURN dbms_cloud_oci_idp_dataplane_generate_user_security_token_response_t;

Parameters

Parameter Description

generate_user_security_token_details

(required) The key-value pair object storing the token exchange request parameters required to obtain a UPST for self.

opc_request_id

(optional) Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.

region

(optional) OCI region id. e.g us-phoenix-1 for US West (Phoenix).

endpoint

(optional) The endpoint of the service to call using this function. e.g https://auth.{region}.{secondLevelDomain}.If both endpoint and region are given, then endpoint takes precedence.

credential_name

(optional) The name of the credential for authenticating with the corresponding cloud native API.