OAuth User Assertion Flow (getAccessToken procedure)

You can use the OAuth User Assertion Flow to obtain an access to REST API on behalf of user that is logged in to Oracle Fusion Field Service using Single Sign On.

The diagram below illustrates the OAuth User Assertion Grant Flow, detailing the process of obtaining access to the REST API on behalf of a user logged in through Single Sign-On.

Advantages:

• Associates REST API access with specific user privileges.
• Suitable for scenarios requiring differentiation based on user credentials for REST API calls.

Process Workflow Summary:

1. Add the OAuth User Assertion application to the Configuration → Applications page.
2. Download the Field Service certificate. This certificate is used for upload to the Identity Provider side when you configure the IDCS application.
3. Configure the application on the Identity Provider to support the OAuth User Assertion Flow.
4. Enter credentials (Client ID, Scope, Identity Provider endpoint) on the Oracle Fusion Field Service side.
5. Add the application to the plugin using the Edit Plugin page.
6. Call the getAccessToken procedure from the plugin with this application in the procedure parameters.
7. Obtain a JWT access token in the procedure response.
8. Use the JWT access token for REST API request authorization.

Note: This flow may not work with certain Identity Providers that require additional parameters not outlined in the RFC standard. For example: Microsoft Identity Platform requires the "requested_token_use" parameter in the token request. In that case, the OAuth Authorization Code Grant Flow could be used as an alternative.