Use JSON Web Token for Authorization

JSON Web Token (JWT) is a compact token format that lets you authorize yourself.

A JWT contains the username and the expiration period for the token, and your client application passes it to Oracle Applications Cloud REST APIs. Note that a JWT is only a way to share the username with the server, not a way to authenticate the user. You get the JWT from your client application, and it's a Base64url-encoded value.

Oracle Applications Cloud lets you get a JWT through the Token Relay Service built for Web SSO. To access the service, go to https://<fusion app url>/fscmRestApi/tokenrelay from any browser and sign in with valid credentials. The Token Relay Service returns a JSON response with the access token.

Here's a sample response with the JWT that you get from the Token Relay Service.


principal    "User_Name"
expires_in    14400000
token_type    "JWT"
access_token    "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsIng1dCI6Ik9aOVBxbnotd0xraERLclQwSEhBVDFVWE1GQSIsImtpZCI6InRydXN0c2VydmljZSJ9.eyJleHAiOjE1NDkwMzEzMzcsInN1YiI6IlNBTEVTX0FETUlOIi
wiaXNzIjoid3d3Lm9yYWNsZS5jb20iLCJwcm4iOiJTQUxFU19BRE1JTiIsImlhdCI6MTU0OTAxNjkzN30.iyehNURzZ6drKwrZ30wLMgjWZvNHjtPquB4OqY1URrjb7h_rbaSXyGHVjF83unThl4P9YDc2soTaTtyBTsEdnjHdbmhyTyNeJsaX
iyId9kQRc8aY7FKjc_KN0B4W4ehiZDz_C5Ju0Wj0Zbnws5ps0neBekKaBjz_QQOGKwpHPxcvJff4MqsCeLPZd3e7SdjY3mcOizkfaQergQY--pEYeGPqzmTaz_oTtDKrkG3DatRrWOPnlb4-I6TsYI9ccVxVshZMfhf9O0vP54SvDMfb56Vl3
FP-idskXXYoVVa0artLDE-0_npE0tGZdK-EvHmcyLcJsE7hvv2QnfDFnng"

When passing a JWT in a REST client such as Postman, you must select the Authorization Type as Bearer Token and enter the token value in the Token field, as shown in this screenshot:

[Screenshot: Postman example with authorization key and bearer token]
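The following Python sketch is an added example, not Oracle's code. It shows what a client can do with the Token Relay Service response before sending it: decode the Base64url segments to read the username and expiration, refuse an expired token, and build the Bearer header. The function names, the `EXAMPLE_USER` value, the claim names `sub`, `iat`, and `exp`, and the 14400-second lifetime are assumptions used to build a constructed sample token. Decoding only inspects the token and does not verify its signature.

```python
import base64
import json
import time

def b64url_decode(segment: str) -> bytes:
    # JWT segments omit '=' padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def inspect_jwt(token: str) -> dict:
    """Decode header and claims for inspection. This does NOT verify the signature."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    return {"header": json.loads(b64url_decode(parts[0])),
            "claims": json.loads(b64url_decode(parts[1]))}

def seconds_remaining(claims: dict, now=None, skew: int = 60) -> int:
    """Lifetime left before 'exp' (seconds since epoch), minus a clock-skew margin."""
    now = int(time.time()) if now is None else now
    return int(claims["exp"]) - now - skew

def bearer_header(relay_response: dict, now=None) -> dict:
    """Build the Authorization header, refusing tokens that are already expired."""
    if relay_response.get("token_type") != "JWT":
        raise ValueError("unexpected token_type")
    token = relay_response["access_token"]
    if seconds_remaining(inspect_jwt(token)["claims"], now) <= 0:
        raise ValueError("token expired; request a new one")
    # The token is a bearer credential: send it only over HTTPS and keep it out of logs.
    return {"Authorization": "Bearer " + token}

def sample_response(iat: int) -> dict:
    """Constructed stand-in for a Token Relay Service response (not a real token)."""
    header = {"alg": "RS256", "typ": "JWT"}
    claims = {"sub": "EXAMPLE_USER", "iat": iat, "exp": iat + 14400}
    token = ".".join(b64url_encode(json.dumps(p).encode()) for p in (header, claims))
    token += "." + b64url_encode(b"constructed-signature-not-valid")
    return {"principal": "EXAMPLE_USER", "expires_in": 14400000,
            "token_type": "JWT", "access_token": token}

if __name__ == "__main__":
    resp = sample_response(iat=int(time.time()))
    claims = inspect_jwt(resp["access_token"])["claims"]
    print(claims["sub"], seconds_remaining(claims), sorted(bearer_header(resp)))
```
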

JWT is open source, and you can get a JWT in many other ways. For example, you can use the following Groovy code to get the token from Oracle Applications Cloud.

def jwt = new oracle.apps.fnd.applcore.common.SecuredTokenBean().getTrustToken();