Generating Access Token Using Authentication API
This use case provides a step-by-step example of using Oracle Identity Cloud Service to generate an access token with the Authentication API. The user then retrieves their own user information from the Me endpoint using that access token.
Note:
Use this Authenticate API only if you're building your own end-to-end login experience by developing a custom sign-in application to be used by Oracle Identity Cloud Service.
Note:
This Authenticate API can't be used to integrate your applications with Oracle Identity Cloud Service for single sign-on purposes.
Note:
See the Oracle Identity Cloud Service Authentication API Postman collection for extensive authentication use case examples. Download the collection and the global variables file from the idcs-authn-api-rest-clients folder within GitHub and then import them into Postman.
Step 1: Begin the Authentication Flow
When the user tries to access an application that is associated with TOU, the IDCS server uses the application name to fetch the policy assigned to that application. Based on the tenant settings, the server determines the IDP and authentication policy and then guides the user to the next step.
Response Example
The following example shows the contents of the response in JSON format:
{
  "status": "success",
  "ecId": "5fR1O171000000000",
  "nextOp": [
    "credSubmit"
  ],
  "nextAuthFactors": [
    "USERNAME_PASSWORD"
  ],
  "USERNAME_PASSWORD": {
    "credentials": [
      "username",
      "password"
    ]
  },
  "requestState": "BC4LO/oKGHPryRorg...FEmtjUykWhOFZ5ZM"
}
Step 2: Submit the User's Credentials
The user submits their credentials and receives an authnToken. The following must be included in the request:
- credentials: user name and password
- requestState: received in the Step 1 response
- op: tells the server what kind of operation the client wants
AuthnToken is the id_token in JWT format which represents the current user information, session and request data. It is used to create an SSO session cookie and redirect to the target URL. If the username and password are valid, the AuthnToken is retrieved.
Request Example
The following example shows the contents of the POST request in JSON format to the /sso/v1/sdk/authenticate endpoint:
{
  "op": "credSubmit",
  "credentials": {
    "username": "admin@oracle.com",
    "password": "Welc0me@1"
  },
  "requestState": "{{requestState}}"
}
Response Example
The following example shows the contents of the response in JSON format where the AuthnToken is retrieved:
{
  "authnToken": "eyJ4NXQjUzI1NiI6Iks0R0hvZ...ZLjOZmKAvORB8OaV1Xqt1GL3tx1kyWA",
  "status": "success",
  "ecId": "5fR1O171000000000"
}
Step 3: Generate Access Token
After you retrieve an AuthnToken, use it to obtain an access token from the OAuth server.
Request Example
The following example shows the contents of the form-encoded request body, using the jwt-bearer grant type with the AuthnToken as the assertion:
grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Ajwt-bearer&scope=urn:opc:idm:__myscopes__&assertion={{authnToken}}
Response Example
The following example shows the contents of the response in JSON format:
{
  "access_token": "eyJ4NXQjUzI1NiI6Iks0R0hvZV..._Txr0XBW2V2rtXVDGvc2R6anYg",
  "token_type": "Bearer",
  "expires_in": 7600
}
Step 4: Obtain User Information
The user submits the access token to obtain their own information, such as user name, display name, and email address.
Request Example
The following example shows the request URL; the access token from Step 3 is sent as the Bearer credential:
{{HOST}}/admin/v1/Me
Response Example
The following example shows the contents of the response in JSON format with user information.
{
  "idcsCreatedBy": {
    "type": "App",
    "display": "idcssm",
    "value": "4ba14c4be74d48d497da6ce651209a06",
    "$ref": "https://docteam.identity.internal.oracle.com:8943/admin/v1/Apps/4ba14c4be74d48d497da6ce651209a06"
  },
  "id": "de94e8399a0e4f23ac52fc681f5fb828",
  "meta": {
    "created": "2018-12-12T09:46:53.646Z",
    "lastModified": "2018-12-13T10:35:32.604Z",
    "resourceType": "Me",
    "location": "https://docteam.identity.internal.oracle.com:8943/admin/v1/Me/de94e8399a0e4f23ac52fc681f5fb828"
  },
  "active": true,
  "displayName": "admin opc",
  "idcsLastModifiedBy": {
    "value": "6567bac90beb4e65a2eb3b280b2f0d1f",
    "display": "idcssso",
    "type": "App",
    "$ref": "https://docteam.identity.internal.oracle.com:8943/admin/v1/Apps/6567bac90beb4e65a2eb3b280b2f0d1f"
  },
  "nickName": "TAS_TENANT_ADMIN_USER",
  "userName": "admin@oracle.com",
  "urn:ietf:params:scim:schemas:oracle:idcs:extension:user:User": {
    "isFederatedUser": false
  },
  "emails": [
    {
      "verified": false,
      "primary": false,
      "secondary": false,
      "value": "admin@oracle.com",
      "type": "recovery"
    },
    {
      "verified": false,
      "primary": true,
      "secondary": false,
      "value": "admin@oracle.com",
      "type": "work"
    }
  ],
  "urn:ietf:params:scim:schemas:oracle:idcs:extension:userState:User": {
    "locked": {
      "on": false
    }
  },
  "name": {
    "formatted": "admin opc",
    "familyName": "opc",
    "givenName": "admin"
  },
  "schemas": [
    "urn:ietf:params:scim:schemas:core:2.0:User",
    "urn:ietf:params:scim:schemas:oracle:idcs:extension:user:User",
    "urn:ietf:params:scim:schemas:oracle:idcs:extension:userState:User"
  ]
}
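The four steps above, driven end to end by a small client, as an added example that is not Oracle's code or part of this page. The client validates each response before moving to the next step (the server must actually offer credSubmit and the USERNAME_PASSWORD factor before a password is sent, the token response must be of type Bearer, and so on) and never echoes the password in error messages. HTTP is abstracted behind a transport callable so the flow runs offline; the fake transport at the bottom is constructed here and replays the page's sample values. The /sso/v1/sdk/authenticate and /admin/v1/Me paths come from the page; the /oauth2/v1/token path is an assumption about the OAuth token endpoint, and any extra headers the real authenticate endpoint requires are left to the transport.

```python
import json
from urllib.parse import urlencode, parse_qs

# Endpoint paths. The authenticate and Me paths appear in the document;
# the token path is assumed to be the standard IDCS OAuth token endpoint.
AUTHENTICATE_PATH = "/sso/v1/sdk/authenticate"
TOKEN_PATH = "/oauth2/v1/token"
ME_PATH = "/admin/v1/Me"
JWT_BEARER_GRANT = "urn:ietf:params:oauth:grant-type:jwt-bearer"
MY_SCOPES = "urn:opc:idm:__myscopes__"


class AuthnFlowError(Exception):
    """Raised when a response does not match what the current step expects."""


def _require(condition, message):
    if not condition:
        raise AuthnFlowError(message)


def begin_flow(transport, host):
    """Step 1: ask the server how to authenticate; returns the opaque requestState."""
    resp = transport("POST", host + AUTHENTICATE_PATH, {}, None)
    _require(resp.get("status") == "success", "begin: status %r" % resp.get("status"))
    # Only submit a password if the server actually asked for that operation and factor.
    _require("credSubmit" in resp.get("nextOp", []), "begin: credSubmit not offered")
    _require("USERNAME_PASSWORD" in resp.get("nextAuthFactors", []),
             "begin: USERNAME_PASSWORD factor not offered")
    state = resp.get("requestState")
    _require(isinstance(state, str) and state != "", "begin: missing requestState")
    return state


def submit_credentials(transport, host, request_state, username, password):
    """Step 2: POST op=credSubmit with the Step 1 requestState; returns the authnToken JWT."""
    payload = {
        "op": "credSubmit",
        "credentials": {"username": username, "password": password},
        "requestState": request_state,
    }
    resp = transport("POST", host + AUTHENTICATE_PATH,
                     {"Content-Type": "application/json"}, json.dumps(payload))
    # Error text deliberately carries only the status, never the submitted secret.
    _require(resp.get("status") == "success", "credSubmit: status %r" % resp.get("status"))
    _require("authnToken" in resp, "credSubmit: no authnToken in response")
    return resp["authnToken"]


def build_token_request(authn_token):
    """Step 3 body: form-encoded jwt-bearer grant with the authnToken as the assertion."""
    return urlencode({"grant_type": JWT_BEARER_GRANT, "scope": MY_SCOPES, "assertion": authn_token})


def exchange_for_access_token(transport, host, authn_token):
    """Step 3: exchange the authnToken for a Bearer access token; returns (token, expires_in)."""
    resp = transport("POST", host + TOKEN_PATH,
                     {"Content-Type": "application/x-www-form-urlencoded"},
                     build_token_request(authn_token))
    _require(resp.get("token_type") == "Bearer", "token: unexpected token_type %r" % resp.get("token_type"))
    _require("access_token" in resp, "token: no access_token in response")
    return resp["access_token"], int(resp.get("expires_in", 0))


def fetch_me(transport, host, access_token):
    """Step 4: GET /admin/v1/Me with the access token as the Bearer credential."""
    return transport("GET", host + ME_PATH, {"Authorization": "Bearer " + access_token}, None)


def run_flow(transport, host, username, password):
    """Run steps 1-4 and return (userName, displayName, expires_in)."""
    state = begin_flow(transport, host)
    authn = submit_credentials(transport, host, state, username, password)
    token, ttl = exchange_for_access_token(transport, host, authn)
    me = fetch_me(transport, host, token)
    return me["userName"], me["displayName"], ttl


# Constructed offline transport replaying the page's sample values. A real
# transport performs the HTTP call (urllib, requests, ...) and returns the parsed JSON body.
_STATE = "BC4LO/oKGHPryRorg...FEmtjUykWhOFZ5ZM"
_AUTHN = "eyJ4NXQjUzI1NiI6Iks0R0hvZ...ZLjOZmKAvORB8OaV1Xqt1GL3tx1kyWA"
_ACCESS = "eyJ4NXQjUzI1NiI6Iks0R0hvZV..._Txr0XBW2V2rtXVDGvc2R6anYg"


def fake_transport(method, url, headers, body):
    if url.endswith(AUTHENTICATE_PATH) and body is None:
        return {"status": "success", "nextOp": ["credSubmit"],
                "nextAuthFactors": ["USERNAME_PASSWORD"], "requestState": _STATE}
    if url.endswith(AUTHENTICATE_PATH):
        req = json.loads(body)
        ok = (req.get("op") == "credSubmit" and req.get("requestState") == _STATE
              and req.get("credentials", {}).get("password") == "Welc0me@1")
        return {"authnToken": _AUTHN, "status": "success"} if ok else {"status": "failed"}
    if url.endswith(TOKEN_PATH):
        form = parse_qs(body)
        if form.get("grant_type") == [JWT_BEARER_GRANT] and form.get("assertion") == [_AUTHN]:
            return {"access_token": _ACCESS, "token_type": "Bearer", "expires_in": 7600}
        return {"error": "invalid_grant"}
    if url.endswith(ME_PATH) and headers.get("Authorization") == "Bearer " + _ACCESS:
        return {"userName": "admin@oracle.com", "displayName": "admin opc", "active": True}
    return {"status": "failed"}


if __name__ == "__main__":
    print(run_flow(fake_transport, "https://idcs.example", "admin@oracle.com", "Welc0me@1"))
```

Swapping fake_transport for a function that performs real HTTPS calls is the only change needed to run this against a tenant; keeping the step checks in the client means a downgraded or unexpected response (a different nextOp, a non-Bearer token type) stops the flow instead of silently sending credentials or using a token the server never issued.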