1. Extending Oracle Cloud Applications with Visual Builder Studio
  2. Build an Extension
  3. Work With Services
  4. Set the Backend's Authentication Method and Connection Type

Set the Backend's Authentication Method and Connection Type

A backend represents an external system that has REST APIs you want to use in your App UI , and to access them, you'll need to specify the required authentication method and connection type for the access.

The authentication method determines how to obtain permission to access the REST APIs. The connection type (relevant to local servers only) determines how the REST APIs are reached: either directly through JavaScript, or through a server-side component called a proxy.

The dialogs for creating and editing a backend's server details allow you to:

  • Manage the credentials for accessing the service (if credentials are required).
  • Manage identity propagation of the end user logged into the App UI (if the service supports the standard IDCS OAuth flows).
  • Manage how your application connects to the service (via proxy or via Direct call).

To connect to a service that is available through HTTPS, authentication is not required, and there's no CORS requirement. The default setting of None for the Authentication field is sufficient. In this case, any end user (anonymous or authenticated) of the App UI can access the service.

To connect to a service that requires authentication, you need to select the appropriate authentication method from the Authentication list. There are two types of authentication methods that can be used for a backend, distinguished by whether the user’s identity is passed to the service (identity propagation) or not (fixed credentials). (Fixed credentials are never available for in-source servers.)

To provide flexibility in how service connections are established, you can use different authentication methods for your extension's development cycle, as well as for each Oracle Cloud Application instance to which your extension is deployed. If needed, you can use methods of different types between development phases.

Note:

Before you connect to a service, an administrator may need to configure the VB Studio environment settings for backend services, or the settings for the external service or identity provider.

For certain authentication types, your REST APIs might need CORS support for both VB Studio and Oracle Cloud Applications domains (as reflected in the tables shown in the next few topics.) If you don't have this setting in place, you'll see a CORS Preflight error when the REST API is called. The backends that are inherited from the Unified Application must be pre-configured for CORS to allow access to VB Studio.