1. Securing HCM
  2. Configure Outbound API Authentication Using JWT Custom Claims

Configure Outbound API Authentication Using JWT Custom Claims

A system account is an account used for integrating Oracle Applications Cloud with third-party applications. This account isn't associated with a user but it must have roles with access to REST APIs.

System account uses basic authentication to authenticate users even if single sign-on is enabled. Security Console's password policy applies to a system account and so the password of this account expires based on the password policy.

Critical tasks such as batch operations or data synchronizations must continue without any interruption or the need to re-authenticate at intervals. To support such tasks, you need to define custom parameters for authentication. Using Security Console, you can define a JSON Web Token (JWT) that can be used by REST APIs to automate system authentication without you having to authenticate manually.

JWT is an access token that contains custom claim name and claim values. Custom claims are name and value pairs that you can define in a JWT. To uniquely identify a user, you can add the user's email address to the token along with the standard user name and password.

Example, suppose you want to integrate Oracle Applications Cloud with a third-party application. This integration uses the JWT Custom Claims to authenticate the users who sign into Oracle Applications Cloud to access the third-party application.

Do these steps to define a JWT that will be used for integration with third-party application:

  1. On the Security Console, click API Authentication.

  2. Click Create External Client Application, Edit.

  3. Enter a name and description for the external client application that you want to create.

  4. In the Select Client Type drop-down list, select JWT Custom Claims and click Save and Close.

  5. Click the JWT Custom Claims Details tab and click Edit.

  6. In the Token Settings section, if required, update the Token Expiration Time and Signing Algorithm. Default values are 30 minutes and RS256 respectively.

  7. Click Save.

  8. In the JWT Custom Claims section, click Add. You can either select a name from the predefined values in the drop-down list or select Other and enter a name of your choice.

  9. Select a value for the custom claim. If you select Free-form, enter the value in the following text box. You can add more JWT custom claims using the Add button.

  10. Click Save. You can add more parameters as required.

  11. Click Done to return to the JWT Custom Claims Details page.

    You can view the token created for authentication using the View JWT button on the JWT Custom Claims Details page. The View JWT window displays the header and payload of the JWT.

  12. Click Done again to return to the API Authentication page. You can view the newly created JWT Custom Claim in this page.

You can delete a JWT custom claim on the API Authentication page.