OAuth Client Credentials Flow (getAccessToken procedure)

The OAuth Client Credentials Flow is widely supported by Identity Providers and is used when REST API calls are made on behalf of an application rather than an individual user. In this setup, multiple users share the same application for REST API calls, so the flow may be unsuitable where user-specific API calls are required. The OAuth User Assertion or OAuth Authorization Code Grant Flows are recommended for such scenarios.

[Diagram: OAuth Client Credentials Grant Flow]

[Screenshot: OAuth Client Credentials Grant Flow access]

Advantages:

  • Broadly used and supported by most OAuth Identity Providers.
  • Ideal when the plugin's access to the REST API is not tied to user-specific privileges. All users accessing the plugin share the same level of access, which is managed by the configuration on the Identity Provider side.

Process Workflow Summary:

  1. Add the OAuth Client Credentials application to the Configuration → Applications page.
  2. Configure an Identity Provider application that supports the OAuth Client Credentials Flow.
  3. Enter the credentials (Client ID, Client Secret, Scope, Identity Provider endpoint) on the Oracle Fusion Field Service side.
  4. Add the application to the plugin using the Edit Plugin page.
  5. Call the "getAccessToken" procedure from the plugin with this application in the procedure parameters.
  6. Obtain a JWT access token in the procedure response.
  7. Use the JWT access token for REST API request authorization.
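
For steps 6 and 7, the plugin should confirm that the returned JWT is still usable before attaching it to a REST request. The following is an added example, not code from the product documentation; the function names, the 60-second skew, and the space-delimited `scope` claim are assumptions, and the sample token is constructed.

```javascript
// Client-side handling of the JWT returned by the getAccessToken procedure.
// Decoding here is NOT signature verification: the REST API that receives the
// token verifies it. This only avoids sending a stale or under-scoped token.

function b64urlToString(part) {
  const b64 = part.replace(/-/g, '+').replace(/_/g, '/');
  return atob(b64 + '='.repeat((4 - (b64.length % 4)) % 4));
}

function decodeJwtClaims(token) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT');
  const claims = JSON.parse(b64urlToString(parts[1]));
  if (claims === null || typeof claims !== 'object') throw new Error('bad JWT payload');
  return claims;
}

// Returns { usable, reason }. skewSec keeps a token from expiring mid-request.
function tokenStatus(token, nowSec, requiredScope, skewSec = 60) {
  let claims;
  try {
    claims = decodeJwtClaims(token);
  } catch (e) {
    return { usable: false, reason: 'malformed' };
  }
  if (typeof claims.exp !== 'number') return { usable: false, reason: 'no exp' };
  if (claims.exp - skewSec <= nowSec) return { usable: false, reason: 'expired' };
  // Assumption: the Identity Provider lists granted scopes in a "scope" claim.
  const granted = typeof claims.scope === 'string' ? claims.scope.split(' ') : [];
  if (requiredScope && !granted.includes(requiredScope)) {
    return { usable: false, reason: 'scope' };
  }
  return { usable: true, reason: 'ok' };
}

// Step 7: build the header, or fail so the caller calls getAccessToken again.
function authorizationHeader(token, nowSec, requiredScope) {
  const status = tokenStatus(token, nowSec, requiredScope);
  if (!status.usable) throw new Error('request a new token: ' + status.reason);
  return { Authorization: 'Bearer ' + token };
}

// Constructed, unsigned sample token for trying the functions offline.
function makeSampleToken(claims) {
  const enc = (o) => btoa(JSON.stringify(o))
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return enc({ alg: 'RS256', typ: 'JWT' }) + '.' + enc(claims) + '.constructed-signature';
}
```

Because every user of the plugin shares this application's token, keep it in memory only and never write it to logs or persistent browser storage.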