3 Securing Authorizations in Oracle Cloud

This chapter describes when and how to use authorization grants. An authorization grant is a credential representing the resource owner's authorization (to access its protected resources) used by the client to obtain an access token. The OAuth 2.0 core specification describes different authorization grants. Oracle Cloud supports the following grant types: resource owner password credentials, client credentials, and user assertion.

OAuth Endpoints

OAuth endpoints are the URLs you use to make OAuth authentication requests. The OAuth server exposes a token endpoint that you use to obtain an access token. The format of the OAuth token endpoint URL is https://<idm-domain>.identity.<data-center>.oraclecloud.com/oauth/tokens. For example, if the tenant is tenant1, the data center is Chicago, and the data center code is us2, then the OAuth token endpoint URL is: https://tenant1.identity.us2.oraclecloud.com/oauth/tokens.

Topics:

• How Do I Use Authorization Grants

• Resource Owner Password Credentials Workflow

• Step by Step Workflow of the Resource Owner Password Credentials Grant

• Using REST API Calls for the Resource Owner Password Credentials Grant

• Client Credentials Workflow

• Step by Step Workflow of the Client Credentials Grant

• Using REST API Calls for the Client Credentials Grant

• User Assertion Workflow

• Using REST API Calls for the User Assertion Grant

• Successful Authorization

• Authorization Error