Create or Renew OAuth Tokens for Your Environment's Instances

When the Visual Builder instance in your environment is not in the same identity domain as your VB Studio instance, you use OAuth tokens to securely access the instance. You can also set up OAuth for an Oracle Cloud Applications instance, if you use one to access the built-in catalog of Oracle SaaS/PaaS REST services.

VB Studio leverages three-legged OAuth 2.0 flows to secure programmatic access to your instance. OAuth tokens eliminate the use of passwords in service-to-service REST interactions and centralize trust management between clients and servers.
  1. OAuth tokens for an instance in a different identity domain can be created while adding the instance to your environment.

    To create an environment with a Visual Builder instance set up for OAuth, see Create and Set Up a Project for Development. If you want to enable OAuth for an Oracle Cloud Applications instance in your environment, add the instance with the Authorization Type set to OAuth 2.0. See Add an Oracle Cloud Applications Instance to a Visual Application.

    Before any OAuth tokens can be created, a one-time authorization must be provided to handle OAuth requests for your environment's instance. VB Studio can automatically detect an instance being added from a different identity domain and will prompt you for authorization. When prompted, click Authorize, then sign in with credentials to access the instance.

    Note:

    It is recommended that you authorize your OAuth connection during initial configuration. If you skip this step, you won't be able to publish your changes from the Designer until the required authorization is provided.

    In addition to OAuth setup from the Environments page, OAuth is the default authorization type used in build jobs that deploy artifacts to your environment's instance, for example, in the deploy build job used by the Publish action in the Designer to deploy your visual application. See Configure the Deployment Job. Note that to use OAuth for deploying a visual application to the environment's Visual Builder instance, the Visual Builder instance must be added from the environment's Instance List as a resource linked to an OCI account, though the instance connection need not necessarily use OAuth.

    OAuth is also supported in other build jobs used to import and export data, or to lock, unlock, roll back, or undeploy a visual application.

  2. OAuth tokens (access and refresh) are cycled during regular use. A refresh token is used to obtain an access token whenever a user accesses the target instance. This refresh token is typically valid for seven days. (The token expiration time is set in the IDCS resource app and may be different based on your security requirements.) If the user authenticates with the target instance within the seven-day period, the active refresh token generates a new access token and a new refresh token. This cycle continues indefinitely as long as the refresh token stays valid. If the refresh token expires during extended periods of inactivity (say, when you're away on vacation), you'll need to renew the access and refresh tokens.
    • To renew OAuth tokens for an instance from the Environments page, click Actions (the three horizontal dots icon) and select Renew OAuth Access.
    • To renew OAuth tokens for Deploy builds from the Builds page, locate your deploy build job, then on the Steps tab, click Renew Authorization. You can also run the job manually, so you'll be prompted to authorize any expired OAuth tokens.

    Note:

    Service administrators can control the OAuth access or refresh token's expiration in the IDCS resource app. For example, to change this for Oracle Cloud Applications, you set the value in the Fusion Applications Cloud Service resource app under Oracle Cloud Services in your identity domain's resource app. See Edit High-Level Information for Oracle Applications.
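
The rotation cycle described in step 2, modeled as an added example (not Oracle's or VB Studio's code): each use inside the refresh-token lifetime restarts the window, and the first use after a lapse requires renewal. The function name, the sample dates, and the treatment of a use exactly at the expiry instant are assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Assumption: seven days is the typical refresh-token lifetime the page cites;
# the real value is whatever the IDCS resource app is configured with.
REFRESH_TTL = timedelta(days=7)


def simulate_rotation(authorized_at, accesses, refresh_ttl=REFRESH_TTL):
    """Replay accesses against a rotating refresh token (hypothetical helper).

    Returns a list of (timestamp, outcome). The outcome is "rotated" when the
    live refresh token was exchanged for a new access/refresh pair, or
    "renewal_required" when the refresh token had already expired and the user
    had to re-authorize, which issues a fresh pair.
    """
    expires_at = authorized_at + refresh_ttl
    events = []
    for ts in sorted(accesses):
        if ts < authorized_at:
            raise ValueError("access precedes the initial authorization")
        # Assumption: a token used exactly at its expiry instant counts as expired.
        outcome = "rotated" if ts < expires_at else "renewal_required"
        events.append((ts, outcome))
        # Both paths end with a new refresh token, so the window restarts here.
        expires_at = ts + refresh_ttl
    return events


# Constructed sample: authorization, regular use, a long absence, and a return.
AUTHORIZED = datetime(2024, 3, 1, 9, 0)
SAMPLE_ACCESSES = [
    datetime(2024, 3, 4, 9, 0),   # 3 days after authorization
    datetime(2024, 3, 10, 9, 0),  # 6 days after the previous use, 9 since authorization
    datetime(2024, 3, 24, 9, 0),  # 14 days of inactivity
    datetime(2024, 3, 26, 9, 0),  # 2 days after re-authorization
]

if __name__ == "__main__":
    for ts, outcome in simulate_rotation(AUTHORIZED, SAMPLE_ACCESSES):
        print(ts.isoformat(), outcome)
```

The second sample access succeeds nine days after the original authorization because the window is measured from the most recent rotation, not from the first sign-in.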