Use of OAuth in Oracle Cloud

The OAuth standard is used to implement authorization from one cloud service to another. In Oracle Cloud, it secures commercial services such as Oracle Sales Cloud (a Software-as-a-Service), Oracle Java Cloud Service (a Platform-as-a-Service) and Oracle Storage Cloud Service (an Infrastructure-as-a-Service).

Suppose your company has purchased a few Oracle Cloud services. In addition, it has its own on-premises applications and some mobile applications. These services are exposed through APIs. OAuth increases security by eliminating the use of passwords when one of these services talks to another. Instead, OAuth provides an access token for this communication, which is valid for a limited time. An access token contains the security credentials for a login session and identifies the user and the user's groups. For example, an on-premises application can obtain a time-limited access token to access an Oracle Cloud service. The on-premises application uses the access token to pass the user information securely to the Oracle Cloud service.
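The following added example (not Oracle's code or token format) sketches the idea above: a token that carries the user, the user's groups and an expiry time, and a receiving service that checks all three without ever seeing a password. The HMAC-signed format, the shared demo key and the function names are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

# Constructed demo key shared by token issuer and receiving service (assumption).
DEMO_KEY = b"constructed-demo-key-not-a-real-secret"

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(body: str) -> str:
    return _b64(hmac.new(DEMO_KEY, body.encode(), hashlib.sha256).digest())

def issue_token(user, groups, ttl_seconds, now=None):
    """Issuer side: bind user, groups and an expiry time into a signed token."""
    now = time.time() if now is None else now
    claims = {"sub": user, "groups": groups, "exp": int(now) + ttl_seconds}
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    return f"{body}.{_sign(body)}"

def validate_token(token, required_group, now=None):
    """Receiving service: return the claims or raise PermissionError."""
    now = time.time() if now is None else now
    try:
        body, sig = token.split(".")
    except ValueError:
        raise PermissionError("malformed token")
    # Verify integrity before trusting anything inside the token.
    if not hmac.compare_digest(sig.encode(), _sign(body).encode()):
        raise PermissionError("bad signature")
    claims = json.loads(_unb64(body))
    # The token is only valid for a limited time.
    if now >= claims["exp"]:
        raise PermissionError("token expired")
    # Authorization decision based on the groups carried in the token.
    if required_group not in claims["groups"]:
        raise PermissionError("user not in required group")
    return claims
```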

Representational State Transfer (REST) is a software architecture style consisting of guidelines and best practices for creating scalable web services. REST can also be used to expose cloud services. You can use the OAuth service to secure REST API calls in Oracle Cloud.

Benefits of Using OAuth

OAuth brings the following benefits to Oracle Cloud services:

  • There is no need to store the resource owner’s credentials (user name and password) for future use, because these credentials are stored in the access token.

  • The duration of access to any resource is restricted. The resource owner can also grant or deny access to the resource.

  • The OAuth service secures REST interactions between services, thus eliminating the use of passwords in service-to-service communications.

  • The OAuth service reduces lifecycle costs by centralizing trust management between clients and servers. OAuth reduces the number of configuration steps to secure service-to-service communication in environments with many services.