Use JWT Token for Authorization
JSON Web Token (JWT) is a compact token format that lets you authorize yourself. A JWT token contains the username and the expiration period for the token, and your client application passes it to Oracle Fusion REST APIs. Note that JWT is only a way to share the username with the server, not a way to authenticate the user. You get the JWT token from your client application as a Base64url-encoded value.
Oracle Fusion lets you get a JWT access token through the Token Relay Service built for Web SSO. To access the service, go to https://<fusion app url>/fscmRestApi/tokenrelay from any browser and log in to the service with valid credentials. The Token Relay Service returns a JSON response with the access token.
See below for a sample response with the JWT access token that you get from the Token Relay Service.
principal "User_Name"
expires_in 14400000
token_type "JWT"
access_token "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsIng1dCI6Ik9aOVBxbnotd0xraERLclQwSEhBVDFVWE1GQSIsImtpZCI6InRydXN0c2VydmljZSJ9.eyJleHAiOjE1NDkwMzEzMzcsInN1YiI6IlNBTEVTX0FETUlOIi
wiaXNzIjoid3d3Lm9yYWNsZS5jb20iLCJwcm4iOiJTQUxFU19BRE1JTiIsImlhdCI6MTU0OTAxNjkzN30.iyehNURzZ6drKwrZ30wLMgjWZvNHjtPquB4OqY1URrjb7h_rbaSXyGHVjF83unThl4P9YDc2soTaTtyBTsEdnjHdbmhyTyNeJsaX
iyId9kQRc8aY7FKjc_KN0B4W4ehiZDz_C5Ju0Wj0Zbnws5ps0neBekKaBjz_QQOGKwpHPxcvJff4MqsCeLPZd3e7SdjY3mcOizkfaQergQY--pEYeGPqzmTaz_oTtDKrkG3DatRrWOPnlb4-I6TsYI9ccVxVshZMfhf9O0vP54SvDMfb56Vl3
FP-idskXXYoVVa0artLDE-0_npE0tGZdK-EvHmcyLcJsE7hvv2QnfDFnng"
The header details for the JWT token are below:
{
"alg": "RS256",
"typ": "JWT",
"x5t": "OZ9Pqnz-wLkhDKrT0HHAT1UXMFA",
"kid": "trustservice"
}
Below is a sample payload for the JWT token:
{
"exp": 1544058925,
"sub": "User_Name",
"iss": "www.oracle.com",
"prn": "User_Name",
"iat": 1544044525
}
In the payload, you must enter these details:
exp: Expiration time for the token
sub: User name
iss: Issuer for the claim
prn: Primary subject for the claim
JWT is open source, and you can obtain a JWT token in many other ways. For example, you can use the following Groovy code to get the token from Fusion Applications.
def jwt = new oracle.apps.fnd.applcore.common.SecuredTokenBean().getTrustToken();