Configure a Trusted Application to Authenticate with OAuth

Before you can use the REST API with OAuth in Oracle Integration, you need to register your Oracle Integration instance as a trusted application in Oracle Identity Cloud Service.

Register a trusted application for every Oracle Integration instance that you want to access through the REST API.

You need Identity Domain Administrator or Application Administrator credentials to perform this task.

  1. Access your Oracle Identity Cloud Service instance.

    To find the Oracle Identity Cloud Service administrative console URL for your Oracle Integration:
    1. Go to the URL for your Oracle Integration instance.

      For example, if your Oracle Integration instance is https://myhost.example.com/ic/home, when you go to that URL, you are redirected to an URL such as https://idcs-c2881.identity.myhost.example.com/ui/v1/signin.

    2. Replace /signin with /adminconsole to go to the Oracle Identity Cloud Service.

      For example: https://idcs-c2881.identity.myhost.example.com/ui/v1/adminconsole. You'll be prompted to sign in again and will be signing in to the administrative console.

    3. Log in to your Oracle Identity Cloud Service administrative console with your Identity Domain Administrator credentials.
  2. Add a trusted application for your Oracle Integration instance.
    1. In Oracle Identity Cloud Service, from the menu, click Applications, then Add.
    2. Select Trusted Application as the type of application.
    3. Enter an application name, then click Next.
    4. Select Configure this application as a client now .
    5. On the Authorization page, select the following fields:

      • In Allowed Grant Types, select: Refresh Token and Authorization Code. Make sure you select Refresh Token because otherwise, clients will not be able to refresh expired tokens.
      • In Redirect URL, specify the URL of the application where responses to authentication requests are sent. This is the callback URL for your application where the authorization code and authorization token will be sent.
      • In Client Type, select Confidential.
      • In Allowed Operations, select On behalf Of. This allows the trusted application to get a token and create a token on behalf of the user who is logged in.
      • In Accessing APIs from Other Applications, select Allowed scopes. This specifies which resources the trusted application can access.

        • In Allowed Scopes, click Add, select your Oracle Integration instance from the list. Your instance name will be the instance ID. Click Add.

      The following image displays the Client Configuration in the trusted application.


      images/add_trusted.png
    6. Click Next.
    7. In Expose APIs to Other Applications, select Configure this application as a resource server now.

      • In Access Token Expiration, change the default expiration time of 3600 seconds(1 hour) if desired.
      • In Primary Audience, specify the host on which the Oracle Integration is running. You can find out this information from the URL that you use to access the Oracle Integration user interface.

        For example, if your Oracle Integration instance is https://myhost.example.com/ic/home, your host name is myhost.example.com. Specify myhost.example.com:443 as the Primary Audience value. This is where the access token will be sent.

      • In the Allowed Scopes section, you don't need to add any additional scopes because the scope you added in the Client Configuration is enough to access all the resources.

      The following image displays the Resources configuration in the trusted application.


      images/add_trusted_resources.PNG
    8. Click Next and skip sections until you get to Finish.
    9. Copy the Client ID and the Client Secret that are displayed in the confirmation window, and then click Close.
    10. Click Activate in the upper-right section of the page to activate the application.

Next step: Use OAuth with REST API Calls