How can I ensure readiness for the transition of Oracle Integration and Oracle Fusion Field Service authentication from BASIC to OAuth 2.0?
OIC uses IDCS or Identity Domains to authenticate users, and the same IDCS / Identity Domains acts as the identity provider for OAuth 2.0 in the Oracle Fusion Field Service to OIC integration.
If you have an application that's configured with the Basic authentication fields, you can change it to OAuth-based authentication. For OIC applications with Basic authentication configurations, you can switch to OAuth 2.0 from the Modify Application page: choose the authentication type there and provide the additional details before saving the application update. However, be aware that after you change an application from Basic authentication to OAuth, you can't change it back to Basic authentication.
Refer to the following steps to configure an integrated application within Oracle Identity Cloud Service (IDCS) to enable the OAuth User Assertion flow and issue access tokens for use by Oracle Fusion Field Service.
- Navigate to the identity domain configuration in IDCS.
- Select the Integrated Applications section from the left pane.
- Click Add Application at the top of the page. The Add application dialog box appears.
- In the Add application dialog box, select Confidential Application and click Launch Workflow. The Add Confidential Application dialog box appears.
- Provide a name for your new application.
- Click Submit.
- Next, click Edit OAuth configuration to proceed to the Edit OAuth configuration step.
- In the Client Configuration section, select Configure this application as a client now.
- Select the JWT Assertion grant type in the Authorization section. Leave all other grant types unchecked. In this example, only one grant type is used, but real integrations may involve multiple grant types for a single application.
- In the Client Type section, select Trusted. Trusted clients can generate self-signed user assertions using the Field Service certificate.
- Import the Field Service signing certificate, which can be downloaded from: Configuration → Applications → Add Application (OAuth User Assertion support) → Download Certificate.
- In the Allowed Operations section, optionally select On behalf of. This allows the client application to access endpoints the user can access, even if the client doesn't have direct access.
- In the Token Issuance Policy section, select Add resources if you want your application to access the APIs of other applications.
- In the Resources section, click Add Scope. A list of applications appears in the Add scope dialog box.
- Select the scope of the target resource, such as Fusion Applications Cloud Service, and then click Add. The selected application is added to the Resource scope.
  Note: If Fusion Applications Cloud Service is not listed as a resource, it indicates that Fusion Service is not linked to the IDCS domain. In this case, you must create the integrated application in the domain linked to Fusion Service.
- Click Finish to complete the creation of the integrated application.
- After creation, ensure that you activate the newly created IDCS application.
- Once activated, your application appears as configured and ready for integration.
- Now, open your Oracle Fusion Field Service application and follow these steps to create a new OIC application.
- Click Configuration > Applications.
- On the Applications page, click Add Application.
- Complete these fields:
  Note: To update the values in this dialog box, contact the Oracle Integration administrator.

| Field Name | Action |
| --- | --- |
| Application Type | Select Oracle Integration from the drop-down list. |
| Application Name | Enter the name of the application you're integrating. This name will be displayed on the Applications page. |
| Host | Enter the host name of the Oracle Integration environment in the format servername.oraclecloud.com. |
| User Name | Enter the user name which is used to log in to the Oracle Integration environment that has read/write permissions. |
| IDCS URL | Enter the base URL of the Oracle Identity Cloud Service Admin console in the format https://example.identity.oraclecloud.com. |
| Client ID | Enter the Client ID of the client application you've created in Oracle Identity Cloud Service. |
| Client Secret | Enter the Client Secret of the client application you've created in Oracle Identity Cloud Service. |
| Key ID | Provide the Certificate Alias you specified during the certificate import process while setting up the IDCS application. This alias serves as the Key ID. For more information see the Create a Connection topic in the Using the REST Adapter with Oracle Integration Generation 3 guide. |
| Scope | Enter the scope of the Client Application that you've created in Oracle Identity Cloud Service. It must be in the format: https://applicationid.integration.ocp.oraclecloud.com:443urn:opc:resource:consumer::all |
- Add the private key generated during the IDCS Client/JWT assertion step as the private key. This private key is used to configure the Oracle Identity Cloud Service application.
  This option requires clients to generate a private key and certificate pair for the flow to work. You can generate the private key in the client's application using tools such as OpenSSL, keytool, or ssh-keygen. For more information, see the Create a Connection topic in the Using the REST Adapter with Oracle Integration Generation 3 guide.
- Click Test Connection. The connection is tested and errors, if any, are displayed. Fix the errors and test the connection again.
- Click Add. The new application is added to the Applications page.
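The private key and certificate pair mentioned in the steps above can be generated and sanity-checked with OpenSSL before anything is imported. The following is an added example, not Oracle's code: it creates the pair, signs an RS256 JWT assertion whose `kid` is the certificate alias, and verifies the signature against the certificate. The alias `fs-oic-alias`, the client ID, the user name and the claim set (`iss`, `sub`, `aud`, `iat`, `exp`) are assumptions to confirm against your own IDCS configuration.

```shell
#!/usr/bin/env bash
# Added example: all names and values are constructed placeholders.

# base64url without padding, as used for JWT segments
b64url() { openssl base64 -A | tr '/+' '_-' | tr -d '='; }

# make_keypair DIR ALIAS: RSA private key plus self-signed certificate
make_keypair() {
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
    -subj "/CN=$2" -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
  chmod 600 "$1/$2.key"   # the private key never leaves the client side
}

# make_assertion KEYFILE KID CLIENT_ID USER: print a signed JWT (claims are assumed)
make_assertion() {
  local now hdr pl sig
  now=$(date +%s)
  hdr=$(printf '{"alg":"RS256","typ":"JWT","kid":"%s"}' "$2" | b64url)
  pl=$(printf '{"iss":"%s","sub":"%s","aud":"https://identity.oraclecloud.com/","iat":%d,"exp":%d}' \
        "$3" "$4" "$now" "$((now + 300))" | b64url)
  sig=$(printf '%s.%s' "$hdr" "$pl" | openssl dgst -sha256 -sign "$1" -binary | b64url)
  printf '%s.%s.%s' "$hdr" "$pl" "$sig"
}

# verify_assertion CERTFILE JWT: succeed only if the certificate's key signed the JWT
verify_assertion() {
  local tmp rc signed sig
  tmp=$(mktemp -d)
  signed=${2%.*}
  sig=$(printf '%s' "${2##*.}" | tr '_-' '/+')
  case $(( ${#sig} % 4 )) in 2) sig="$sig==" ;; 3) sig="$sig=" ;; esac
  printf '%s' "$sig" | openssl base64 -d -A > "$tmp/sig.bin"
  openssl x509 -in "$1" -pubkey -noout > "$tmp/pub.pem"
  printf '%s' "$signed" | openssl dgst -sha256 -verify "$tmp/pub.pem" \
    -signature "$tmp/sig.bin" >/dev/null 2>&1
  rc=$?
  rm -rf "$tmp"
  return $rc
}

# Demo with constructed values
work=$(mktemp -d)
make_keypair "$work" fs-oic-alias
jwt=$(make_assertion "$work/fs-oic-alias.key" fs-oic-alias example-client-id example.user)
verify_assertion "$work/fs-oic-alias.crt" "$jwt" && echo "private key matches certificate"
rm -rf "$work"
```

A verification failure here means the private key and the certificate are not a pair, which is worth ruling out before running Test Connection.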