Generate Tokens for Confidential Applications

When you create a confidential application and you configure the client to use the JWT Assertion grant type, you can generate access tokens at any time using the Identity Cloud Service console.

Prerequisite: An existing trusted application in Oracle Identity Cloud Service with the client configured to use the JWT Assertion grant type and activated.
  1. In the Identity Cloud Service console, expand the Navigation Drawer, and then click Applications.
  2. Click the confidential application for which you want to generate an access token.
  3. Click Generate Access Token.
  4. In the Generate Token pop-up window, use the following table to configure which scopes should be included in the access token:
    Option Description
    Available Scopes

    Click Available Scopes to get the access token to access any resources configured for the application.

    If the scopes are defined from multiples resource servers, the token cannot be generated. Use the Customized Scopes option and make sure that the selected scopes are from the same resource server.

    Customized Scopes using Invokes Identity Cloud Service APIs
    1. Click Customized Scopes and Invokes Identity Cloud Service APIs.

    2. From the list of all the roles that are assigned to the client application you can select those roles that you want to include or remove to limit the scopes to be populated in the resulting token.

    Customized Scopes using Invokes Other APIs
    1. Click Customized Scopes and Invokes Other APIs.

    2. The UI displays a list of all the scopes assigned to the application. You can select any desired scopes as long as those scopes are from the same resource server.

    Include Refresh Token

    If the Refresh Token grant type is configured for your client application and the resource server which the scopes belong to allows the refresh token to be generated, the Include Refresh Token check box is enabled to be used. The refresh token is used to obtain a new access token without requiring the user to reauthenticate.

  5. Click Download Token.


    The downloaded token gets saved as a tokens<n>.tok file in the download folder of your browser.