Establish a Secure REST API Connection for Oracle Identity Cloud Service (IDCS) Authentication
You need to establish a secure connection with the Live Experience REST API before you can work with any of the Live Experience REST operations. Retrieve a JSON Web Token (JWT) using the Live Experience auth endpoint and then use the JWT to authorize your subsequent REST operations.
- From your tenant administrator, get these details for your IDCS Confidential Application:
  - IDCS Stripe Base URL
  - Client ID and Client Secret
- Concatenate the Client ID and the Client Secret, separated by a colon. For example:
1u4fejhn9pi1gnikha4e:64e740ae-77e7-41a3-97a7-712ba7a9b9f0
- Encode the resulting string as base64 (using UTF-8 as the character encoding). You can use any encoding utility you like (for example, https://www.base64decode.org). Here’s an example of the text string:
MXU0ZmVqaG45cGkxZ25pa2hhNGU6NjRlNzQwYWUtNzdlNy00MWEzLTk3YTctNzEyYmE3YTliOWYw
- In your REST client, select a POST operation and specify this auth endpoint, replacing <IDCS stripe base URL> with your IDCS base URL:
<IDCS stripe base URL>/oauth2/v1/token
- Add these values to the HTTP parameters of the POST request:
  - grant_type: client_credentials
  - scope: api/
- Configure authorization by setting the Type to Basic Auth, then provide your IDCS credentials.
  Note: The IDCS credentials are the Client ID and Client Secret that you got from the tenant administrator.
- Send the request to generate the result. The operation results in an HTTP value that looks like this:
Authorization: Basic <Base64 encoded ClientID:Client Secret>
- Send the request. The operation returns a JSON value with the access_token value set to the IDCS-signed JWT. Here’s a request sample in curl format:
curl -i -H 'Authorization: Basic OTljOGNjZGJhYjRjNDQ0YTlmNDUxZDZmYjc0Y2I2Y2I6YTEzM2U3ZWEtZWZjNS00YjY3LWJmMGUtOTBhNmQyZDNiZjM2' -H 'Content-Type: application/x-www-form-urlencoded;charset=UTF-8' --request POST https://idcs-a05be02e3e9042cbbba8f3581d17bf9a.identity.c9dev2.oc9qadev.com/oauth2/v1/token -d 'grant_type=client_credentials&scope=api/'
- In your REST client, select a GET operation and specify one of these auth endpoints, replacing Tenant_Name with your own tenant name:
  - Non EMEA users: https://api.live.oraclecloud.com/v1/auth/Tenant_Name
  - EMEA users: https://api.emea.live.oraclecloud.com/v1/auth/Tenant_Name
- Add these values to the keys of the GET request:
  - grant_type: authorization_code
  - code: idcs_jwt
- Add these Headers to your request:
  - Accept: application/json
  - Origin: Insert a Live Experience domain URL. Don't include the protocol prefix.
- To configure authorization, set the Type to Bearer, then provide the IDCS JWT.
- Send the request to generate the result. The operation results in an HTTP value that looks like this:
Authorization: Bearer <IDCS JWT>
- Send the request. Here's a request sample in curl format:
curl -k -X GET 'https://api.live.oraclecloud.com/v1/auth/TestTenantHere?grant_type=authorization_code&code=idcs_jwt' --header 'Accept: */*' --header 'Authorization: Bearer eyJ...SVbIgQ'
The operation returns a JSON value that looks like this:
{ "access_token": "eyJhbGciOiJSUOpDBdG9... ...MmlTDEb4e0TQQK3yIpJEkJrRieA", "token_type": "Bearer", "expires_in": "1200" }
The keys and values are:
  - access_token: The JWT (much longer than the example).
  - token_type: This is always bearer and can be ignored.
  - expires_in: The amount of time until the JWT token expires in seconds.
Results:
You'll use the value for access_token in all your other requests. Configure authentication in the REST client by setting the Type to Bearer and entering the access_token value for Token.
Your JWT expires in 1200 seconds, as indicated by the expires_in key, after which you need to generate a new one. Oracle recommends that you save the request so you can easily access it as required.
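The two-request exchange above can also be scripted, so the Client Secret is base64-encoded locally rather than in a third-party utility and the token is renewed before it expires. This Python sketch is an added example, not Oracle's code. The function names and the 60-second renewal margin are assumptions; the endpoints, parameters and headers are the ones listed in the steps.

```python
import base64
import json
import time
from urllib.parse import quote, urlencode
from urllib.request import Request, urlopen

def basic_header(client_id, client_secret):
    # Base64 of UTF-8 "id:secret", computed locally so the secret is never pasted elsewhere.
    raw = f"{client_id}:{client_secret}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")

def idcs_token_request(idcs_base_url, client_id, client_secret):
    # First request: POST <IDCS stripe base URL>/oauth2/v1/token (client_credentials grant).
    body = urlencode({"grant_type": "client_credentials", "scope": "api/"}).encode("ascii")
    return Request(idcs_base_url.rstrip("/") + "/oauth2/v1/token", data=body, method="POST",
                   headers={"Authorization": basic_header(client_id, client_secret),
                            "Content-Type": "application/x-www-form-urlencoded;charset=UTF-8"})

def lx_auth_request(tenant, idcs_jwt, origin, emea=False):
    # Second request: GET the Live Experience auth endpoint with the IDCS JWT as Bearer token.
    host = "api.emea.live.oraclecloud.com" if emea else "api.live.oraclecloud.com"
    query = urlencode({"grant_type": "authorization_code", "code": "idcs_jwt"})
    return Request(f"https://{host}/v1/auth/{quote(tenant, safe='')}?{query}", method="GET",
                   headers={"Accept": "application/json", "Origin": origin,
                            "Authorization": "Bearer " + idcs_jwt})

def parse_token(body, now=None, skew=60):
    # Returns (access_token, refresh_at); skew (an assumed margin) renews before expires_in ends.
    doc = json.loads(body)
    now = time.time() if now is None else now
    return doc["access_token"], now + int(doc["expires_in"]) - skew

def send(request):
    # urlopen verifies the server certificate by default; never send credentials over plain HTTP.
    if not request.full_url.lower().startswith("https://"):
        raise ValueError("refusing to send credentials to a non-HTTPS URL")
    with urlopen(request, timeout=10) as resp:
        return resp.read().decode("utf-8")

def get_lx_token(idcs_base_url, client_id, client_secret, tenant, origin, emea=False):
    # Runs both requests in order and returns (Live Experience JWT, refresh_at).
    idcs_jwt, _ = parse_token(send(idcs_token_request(idcs_base_url, client_id, client_secret)))
    return parse_token(send(lx_auth_request(tenant, idcs_jwt, origin, emea)))
```

Call get_lx_token with the Client ID and Client Secret read from a secret store or environment variable rather than hardcoded, and call it again once time.time() passes the returned refresh_at.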