Use JWT Token for Authorization

JSON Web Token (JWT) is a compact token format that lets you authorize yourself. A JWT token has the username and the expiration period for the token, and is passed by your client application to Oracle Engagement Cloud Knowledge REST APIs. Note that JWT is only a way to share username to the server, but not a way to authenticate the user. You get the JWT token from your client application and is a Base64url encoded value.


We highly recommend that you use JWT tokens for authorizing users for Oracle Engagement Cloud Knowledge REST APIs.

Oracle Engagement Cloud lets you get a JWT access token through the Token Relay Service built for Web SSO. To access the service, go to https://<fusion app url>/fscmRestApi/tokenrelay from any browser and login into the service with valid credentials. The Token Relay Service returns a JSON response with the access token.

See below for a sample response with the JWT access token that you get from the Token Relay Service.

principal    "User_Name"
expires_in    14400000
token_type    "JWT"
access_token    "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsIng1dCI6Ik9aOVBxbnotd0xraERLclQwSEhBVDFVWE1GQSIsImtpZCI6InRydXN0c2VydmljZSJ9.eyJleHAiOjE1NDkwMzEzMzcsInN1YiI6IlNBTEVTX0FETUlOIi

The header details for the JWT token are below:

{  "alg": "RS256",
  "typ": "JWT",
  "x5t": "OZ9Pqnz-wLkhDKrT0HHAT1UXMFA",
  "kid": "trustservice"

Below is a sample payload for the JWT token:

  "exp": 1544058925,
  "sub": "User_Name",
  "iss": "",
  "prn": "User_Name",
  "iat": 1544044525

In the payload, you must enter these details:

  • exp: Expiration time for the token
  • sub: User name
  • iss: Issuer for the claim
  • prn: Primary subject for the claim

JWT is open source, and you can obtain a JWT token in many other ways. For example, you can use the following Groovy code in your code to get the token from Engagement Cloud Applications.

def jwt = new oracle.apps.fnd.applcore.common.SecuredTokenBean().getTrustToken();