Using the Authenticate API to Develop a Custom Sign-in Page

This use case provides a step-by-step example of using the Oracle Identity Cloud Service Authenticate API to develop a custom sign-in page for Oracle Identity Cloud Service.

Note:

Use this Authenticate API only if you're building your own end-to-end login experience by developing a custom sign-in application to be used by Oracle Identity Cloud Service.

Note:

This Authenticate API can't be used to integrate your applications with Oracle Identity Cloud Service for single sign-on purposes.

See the Customize the Oracle Identity Cloud Service Sign-In Page Using the Authentication API tutorial.

The Authenticate API is based on the concept of a state machine. Each response tells the client application what has to be done next, rather than requiring users to have third-party cookies enabled in their browsers. Relying on third-party cookies can pose problems, especially for B2C applications where controls on end-user behavior can't be enforced. The requestState returned in each response is sent in the next request, which gives the client the information that it needs to process the request and then provides the next set of allowed operations.
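The following client-side sketch shows the requestState hand-off described above. It is an added example, not Oracle's code: it runs against a constructed in-memory mock instead of the service, and every field name other than requestState (op, nextOp, status, credentials, authnToken), along with the mock's single-use treatment of each requestState, is an assumption made for illustration.

```python
import itertools

class FlowError(Exception):
    """The client tried to step outside what the last response allowed."""

class AuthFlow:
    """Carries the newest requestState forward and enforces the allowed next ops."""
    def __init__(self, send, first_response):
        self._send = send            # transport: request dict -> response dict
        self._absorb(first_response)

    def _absorb(self, resp):
        if resp.get("status") != "success":
            raise FlowError(resp.get("cause", "request rejected"))
        self.token = resp.get("authnToken")          # assumed final-step field
        self.allowed = set(resp.get("nextOp", []))   # assumed field name
        self.request_state = resp.get("requestState")
        if self.allowed and not self.request_state:
            raise FlowError("more steps required but no requestState returned")

    def submit(self, op, credentials):
        if op not in self.allowed:
            raise FlowError(f"op {op!r} not offered by the last response")
        self._absorb(self._send({"op": op, "credentials": credentials,
                                 "requestState": self.request_state}))
        return self.token

def make_mock_server():
    """Constructed stand-in for the service: two steps, single-use states."""
    issued, ids = {}, itertools.count(1)
    def issue(stage):
        state = f"rs-{next(ids)}"
        issued[state] = stage
        return {"status": "success", "requestState": state, "nextOp": ["credSubmit"]}
    def send(req):
        stage = issued.pop(req.get("requestState"), None)   # stale state -> None
        if stage is None:
            return {"status": "failed", "cause": "stale or unknown requestState"}
        if stage == "password":
            return issue("otp")
        return {"status": "success", "nextOp": [], "authnToken": "constructed-token"}
    return issue("password"), send

def run_flow():
    first, send = make_mock_server()
    flow = AuthFlow(send, first)
    flow.submit("credSubmit", {"username": "demo", "password": "constructed"})
    token = flow.submit("credSubmit", {"otpCode": "000000"})
    # Replaying the first requestState after it was consumed must be refused.
    replay = send({"op": "credSubmit", "requestState": first["requestState"]})
    return token, replay["status"], flow.allowed
```

The client never stores more than the most recent requestState, and it refuses any operation the last response did not offer, so a failed or out-of-order step stops the flow instead of continuing with stale state.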

The Authenticate API can:
  • Help you verify user name and password credentials for a user as the primary authentication.
  • Support user enrollment with MFA factors enabled by the administrator.
  • Strengthen the security of password-based authentication using Multi-Factor Authentication (MFA) by requiring additional verification, such as using a time-based one-time passcode or an SMS passcode.
  • Allow your users to select an external SAML or Social Identity Provider for authentication.

Note:

See the Oracle Identity Cloud Service Authentication API Postman collection for extensive authentication use case examples. Download the collection and the global variables file from the idcs-authn-api-rest-clients folder within GitHub and then import them into Postman.

Authenticate and On-Demand MFA API Status Codes