Create or Renew OAuth Tokens to Deploy Your Extension

When the Oracle Cloud Applications instance in your environment is not in the same identity domain as your VB Studio instance, you use OAuth tokens to securely access the Oracle Cloud Applications instance and deploy your extension.

VB Studio leverages three-legged OAuth 2.0 flows to secure programmatic access to your Oracle Cloud Applications instance. OAuth tokens eliminate the use of passwords in service-to-service REST interactions and centralize trust management between clients and servers.
  1. OAuth tokens for an instance in a different identity domain can be created while adding the instance to an environment: simply add the instance with the Authorization Type set to OAuth 2.0. See Add an Oracle Cloud Applications instance to your environment.

    Before any OAuth tokens can be created, a one-time authorization must be provided to handle OAuth requests for your environment's Oracle Cloud Applications instance. VB Studio can automatically detect an instance being added from a different identity domain and will prompt you for authorization. Click Authorize, when prompted, then sign in with credentials to access the Oracle Cloud Applications instance.

    Note:

    It is recommended that you authorize your OAuth connection during initial configuration. If you skip this step, you won't be able to publish your changes from the Designer until the required authorization is provided.

    In addition to OAuth set up from the Environments page, OAuth can be configured in build jobs that deploy artifacts to your environment's instance, for example, in the deploy build job used by the Publish action in the Designer to deploy your extension. To configure this build job for OAuth, see Create a Deployment Build Job. OAuth is also supported in the delete build job used by an extension.

  2. OAuth tokens (access and refresh) are cycled during regular use. A refresh token is used to obtain an access token whenever a user accesses the target instance. This refresh token is typically valid for seven days. (The token expiration time is set in the IDCS resource app and may be different based on your security requirements.) If the user authenticates with the target instance within the seven-day period, the active refresh token generates a new access token and a new refresh token. This cycle continues indefinitely as long as the refresh token stays valid. If the refresh token expires during extended periods of inactivity (say, when you're away on vacation), you'll need to renew the access and refresh tokens.
    • To renew OAuth tokens from the Environments page, click Actions Three horizontal dots and select Renew OAuth Access.
    • To renew OAuth tokens from the Builds page, locate your deploy or delete build job, then on the Steps tab, click Renew Authorization. You can also run the job manually, so you'll be prompted to authorize any expired OAuth tokens.

    Note:

    Service administrators can control the OAuth access or refresh token's expiration in the IDCS resource app. To change this for Oracle Cloud Applications, you set the value in the Fusion Applications Cloud Service resource app under Oracle Cloud Services in your identity domain's resource app. See Edit High-Level Information for Oracle Applications.