About Requests to Invoke Integrations

All integrations using this adapter as a trigger connection are protected by default using HTTP Basic Authentication and OAuth token-based authentication.

You currently can authenticate your requests to invoke integrations in either of the following ways:
  • Using HTTP Basic Authentication by sending the credentials of a user created in Oracle Identity Cloud Service through the HTTP authorization header
  • Sending an OAuth access token in the header while invoking an Oracle Integration endpoint after acquiring the access token from Oracle Identity Cloud Service that serves as the OAuth authorization provider

You must have the ServiceUser role in Oracle Identity Cloud Service to invoke integrations.

Invoke Integration Endpoints Using HTTP Basic Authentication

This authentication method uses the credentials of an Oracle Integration user to send the request to invoke an integration. You must create this user in Oracle Identity Cloud Service, the Oracle Integration identity provider, and ensure that the user has been granted the role for invoking an integration.

The user can be:

  • Human - representing a business user such as a sales representative, technician, or any other person for invoking an integration
  • Nonhuman - representing a service integration account used by an external client application for invoking an integration

Even though it's easy to implement the authentication scheme, this is the least secure way to send a request to Oracle Integration for invoking an integration. Also, Oracle Integration doesn't recommend this authentication scheme.

In addition, when the credentials are reset, the customer must provide the new credentials to the client application that invokes the integration so that the new set of credentials is used from then on.

Assign appropriate user(s) to the various Oracle Integration roles. For standard/production configurations, use the ServiceUser role. (See Oracle Integration Roles in Provisioning and Administering Oracle Integration 3.)

  1. From the actions menu on the Oracle Cloud Infrastructure home page, select Identity & Security, then select Federation.
  2. In the Federation table, click OracleIdentityCloudService.
  3. In the Oracle Identity Cloud Service Console field, click the URL.
  4. Click the applications page icon.

  5. Click the application.
  6. To assign a user, go to the Application Roles section of Oracle Identity Cloud Service.

  7. Make a request to trigger an endpoint.
    curl --location --request GET 'https://<OIC host>/<OIC endpoint>' \
    --header 'Authorization: Basic <base64-encoded username:password>'
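
The Basic header only base64-encodes `username:password`, so anyone who can read the header (proxy logs, debug traces) recovers the password without a key. The following Python sketch is an added example, not Oracle's code; the function names and the sample credentials are constructed for illustration. It builds the header, shows that it decodes directly, and produces a redacted form that is safe to log.

```python
import base64
import binascii


def basic_auth_header(username: str, password: str) -> str:
    """Build the value sent as 'Authorization: Basic ...' (RFC 7617)."""
    if ":" in username:
        raise ValueError("user-id must not contain ':' (RFC 7617)")
    token = base64.b64encode(f"{username}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")


def recover_basic_credentials(header_value: str):
    """Return (username, password) from a Basic header, or None if not Basic.

    No key or secret is needed: base64 is an encoding, not encryption.
    """
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    # Only the first ':' separates user from password; passwords may contain ':'.
    username, sep, password = decoded.partition(":")
    return (username, password) if sep else None


def redact_authorization(header_value: str) -> str:
    """Form suitable for logs: keep the scheme (and Basic user), drop the secret."""
    scheme, _, _ = header_value.strip().partition(" ")
    creds = recover_basic_credentials(header_value)
    if creds:
        return f"Basic <redacted, user={creds[0]}>"
    return f"{scheme} <redacted>"


# Constructed sample credentials, not real ones.
SAMPLE_HEADER = basic_auth_header("svc.integration@example.com", "S3cret:with:colons")

if __name__ == "__main__":
    print(SAMPLE_HEADER)
    print(recover_basic_credentials(SAMPLE_HEADER))
    print(redact_authorization(SAMPLE_HEADER))
    print(redact_authorization("Bearer constructed.sample.token"))
```

Log the output of `redact_authorization` instead of the raw header wherever requests to the integration endpoint are traced.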

Invoke Integration Endpoints Using OAuth Token-Based Authentication

This authentication scheme allows the external client to acquire a token, which is then sent as part of the request to invoke an integration.

The most important step for an application in the OAuth flow is how the application receives an access token (and optionally a refresh token). A grant type is the mechanism used to retrieve the token. OAuth defines several different access grant types that represent different authorization mechanisms.

Applications can request an access token to access protected endpoints in different ways, depending on the grant type specified in the Oracle Identity Cloud Service application. A grant is a credential representing the resource owner's authorization to access a protected resource.

The following sections discuss the various grant types and their pros/cons, along with instructions on how to configure the specific grant type.