Oracle IDCS OAuth support for CPQ configuration

Starting 25C release, Oracle Commerce supports Oracle IDCS OAuth integration for CPQ Configuration. 

This feature provides enhanced security and standardizes the integration patterns with CPQ.

Steps to Enable

To enable IDCS OAuth for native integration for CPQ configuration:To enable IDCS OAuth for native integration for CPQ configuration:

  1. Enable IDCS OAuth Integration via API: Use the updateCloudConfiguration API to enable IDCS OAuth.
    API: PUT /ccadmin/v1/merchant/cloudConfiguration
    Payload:
    {
    "CPQConfigIDCSEnabled": true
    }




  2. Configure Self-Service CPQ Integration:
    • Go to Settings -> Oracle Integrations
    • Select Self Service CPQ from the integrations drop down
    • Enter your IDCS integration details

To enable IDCS OAuth for SSE based integration for CPQ configuration:

  1. Enable Native Integration for Configuration in the Admin Console.
    1. Log in to the Administration Console
    2. Navigate to: Settings->Oracle Integrations
    3. From the dropdown, select CPQ Configuration (Native)
    4. Enable the integration 

Note: Do not configure the "Preview Configuration" or "Production Configuration" sections.

  1. Create a Confidential Application(Client Application) with grant type as Client Credentials in IDCS with proper scope for CPQ set. CPQ supports the following scopes to access CPQ REST APIs: api, /api, <hosturl>/api, and <hosturl>api. Activate the application. Record the Client ID and Client Secret for the application. For information and details about creating IDCS applications, see Administering Oracle Identity Cloud Service.
  2. Set up the OAuth Provider in CPQ following the instructions in the section, “Use the Integration Center to Configure an OAuth Provider Integration (Oracle CPQ 22D and later)” in this document. Complete the Tenant Signing Certificate Setup by following steps in the document to validate the access token during inbound REST API calls. Use the Client ID and Client Secret from the General Information section on Configuration tab for the client app, CX Commerce. Ignore Client App Configuration and OpenID Connect from the above document, because they’re not needed for our integration.
  3. Register the following SSE environment variables: CPQ_IDCSENABLED, IDCS_CLIENTID and IDCS_CLIENTSECRET using the below Commerce Admin doCreateExtensionVariable REST API. CPQ_IDCSENABLED must be set to true to use IDCS OAuth.
  4. Download 25.7.0 version of cpq-configurator-app-store.zip from Administration Console->Design->Developer tab. Perform the following actions:
    • Unzip it
    • Edit the config.json and update the "idcsHostname" and "idcsCPQAppScope" variables to refer to the IDCS Host and the app scope for CPQ
    • Perform npm install
    • Create a zip of it.
  5. Upload the zipped SSE to SSE server using the Commerce Admin doSSEFileUploadMultipart REST API.

Tips And Considerations

  • When both are configured, IDCS OAuth for Native Configuration takes precedence over CPQ OAuth for Native Configuration.
  • For SSE based Configuration integration to work, either CPQ Configuration (iFrame) or CPQ Configuration (Native) has to be enabled.