Managing Authorization

Oracle Identity Cloud Service supports only token-based authorization. For security reasons, Oracle Identity Cloud Service REST APIs are not accessible using just the user name and password that you use to sign in to the administration console. To access the Oracle Identity Cloud Service REST APIs, you need an OAuth2 access token to use for authorization.

Oracle Identity Cloud Service APIs use the OAuth 2.0 protocol for authentication and authorization and support these common authorization scenarios:
  • Web Server

  • Mobile

  • JavaScript applications

The Authorization section discusses the OAuth 2.0 scenarios that Oracle Identity Cloud Service supports.

An application must be registered as an OAuth 2 Client using the Oracle Identity Cloud Service administration console. OAuth clients are simply HTTP clients that can acquire and then use an access token. There are four steps that you must perform to use an OAuth client to access Oracle Identity Cloud Service REST APIs:

  1. Log in to the Oracle Identity Cloud Service administration console using the user name and password found in your Welcome email.

  2. Create an OAuth client application and make note of the client ID and client secret.

    Note:

    When you configure the OAuth client application, select the application roles that you want to assign to the application. This enables your application to access the REST APIs that each of those assigned application roles can access. Each application role has scopes assigned to it that define a finer-grained level of access to API operations. For example, select Identity Domain Administrator from the list. All REST API operations available to the Identity Domain Administrator will be accessible to the application.
  3. Use the client ID and client secret to request an access token from the Oracle Identity Cloud Service OAuth Service.

  4. Include the access token in the appropriate HTTP header when you make REST API calls.
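Steps 3 and 4 as an added Python example (not Oracle's own code): it builds the client-credentials token request, validates a token response, and attaches the token as a Bearer header, refusing any non-HTTPS URL. Assumptions not stated on this page: the tenant URL and credentials are placeholders, and the token path, scope value, and `/admin/v1/Users` path are taken from Oracle's Identity Cloud Service REST documentation.

```python
import base64
import json
from urllib.parse import urlencode, urlsplit
from urllib.request import Request

# Assumptions (not from this page): placeholder tenant URL; token path and
# scope value as documented for the Identity Cloud Service REST API.
BASE_URL = "https://idcs-tenant.example.com"
TOKEN_PATH = "/oauth2/v1/token"
SCOPE = "urn:opc:idm:__myscopes__"

def _require_https(url):
    # The client secret and the token are bearer credentials: never send in clear.
    if urlsplit(url).scheme != "https":
        raise ValueError("refusing to send credentials over a non-HTTPS URL")

def build_token_request(base_url, client_id, client_secret):
    """Step 3: token request, with the client authenticated via HTTP Basic."""
    _require_https(base_url)
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    body = urlencode({"grant_type": "client_credentials", "scope": SCOPE}).encode()
    return Request(base_url + TOKEN_PATH, data=body, method="POST", headers={
        "Authorization": "Basic " + basic,
        "Content-Type": "application/x-www-form-urlencoded",
    })

def parse_token_response(raw):
    """Return the access token; reject error or malformed responses."""
    doc = json.loads(raw)
    if "error" in doc:
        raise PermissionError(doc["error"])
    if doc.get("token_type", "").lower() != "bearer" or not doc.get("access_token"):
        raise ValueError("unexpected token response")
    return doc["access_token"]

def build_api_request(base_url, path, access_token):
    """Step 4: present the token in the Authorization header."""
    _require_https(base_url)
    return Request(base_url + path, headers={"Authorization": "Bearer " + access_token})

# Constructed sample response, not real output from the service.
SAMPLE = '{"access_token": "eyJ.constructed.token", "token_type": "Bearer", "expires_in": 3600}'

if __name__ == "__main__":
    req = build_token_request(BASE_URL, "example-client-id", "example-client-secret")
    token = parse_token_response(SAMPLE)  # in real use: urlopen(req).read()
    api = build_api_request(BASE_URL, "/admin/v1/Users", token)
    print(req.get_method(), req.full_url, "->", api.full_url)
```

In real use, pass the request to `urllib.request.urlopen` and load the client secret from a secrets store rather than source code.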

More Information