Edit the Social Sign-In authentication scheme for an instance.
Social Sign-In supports authentication with Google, Facebook, and other social network that supports OpenID Connect or OAuth2 standards.
To edit Social Sign-In:
- Sign in to Oracle Application Express Administration Services.
- Click Manage Instance.
- Under Instance Settings, click Security.
- Scroll down to Development Environment Authentication
Schemes. The Status column indicates the authentication scheme designated as Current.
- Find Social Sign-In and click
Edit.The Edit Scheme page appears.
- Click Make Current Scheme to have applications identify and verify the user using this authentication scheme.
- Under Edit Authentication Scheme:
- PL/SQL Code - Enter a PL/SQL anonymous block of code that contains procedures for pre- and post-authentication entry points. To improve performance, you can also store this code in a PL/SQL package in the database.
- Pre-Authentication Procedure Name - Specify the name of a
procedure to be executed after the login page is submitted and just before
credentials verification is performed. The procedure can be defined in the
PL/SQL Code attribute or within the database.
Authentication schemes where user credentials checking is done outside of Application Express typically do not execute the Pre-Authentiation procedure. Examples include HTTP Header Variable, Oracle Application Server Single Sign-On and custom authentication schemes that use
- Post-Authentication Procedure Name - Specify the name of a
procedure to be executed by the Application Express
LOGINprocedure after the authentication step (login credentials verification). The
LOGINprocedure will execute this code after it performs its normal duties, which include setting a cookie and registering the session, but before it redirects to the desired application page. The procedure can be defined in the PL/SQL Code attribute or within the database.
- Under OAuth2 Credentials:
- Client ID - Enter the client ID of your authentication provider.
- Client Secret - Enter the client secret of your authentication provider.
- Confirm Client Secret - Enter the client secret of your authentication provider.
- Under Authentication Scheme Attributes:
Tip:To learn more about an attribute, see field-level Help.
- Authentication Provider - Select a provider.
- Discovery URL - Enter the OpenID Connect provider's discovery URL.
- Scope - Enter a comma separated list of permissions to request for the
user who is logging in. The acceptable values depend on your authentication
provider. For OpenID Connect and Google, Application Express automatically
adds the "openid" scope. The authentication provider returns user attributes
based on these permissions. You can use a Post Authentication procedure to
process these attributes, using the
- Authentication URI Parameters - Enter optional parameters for the authentication URI. Consult the authentication provider's documentation for supported parameters.
- Username Attribute - Enter the attribute which contains the username. Consult the authentication provider's documentation for supported attributes.
- Verify Username - If enabled, Oracle Application Express will look for an attribute "#username#_verified" (for example, "email_verified" for Username Attribute "email"). If this is set to false, the username will not be accepted.
- Additional User Attributes - Enter a comma separated list of additional user data attributes. Consult the authentication provider's documentation for supported attributes.
- Logout URL - Use this attribute to specify a URL to log out from your
authentication provider. For OpenID Connect, Application Express
automatically uses the end_session endpoint, if that is defined in the
Discovery URL. For others, you can use
#REDIRECT_URI#in the URL, to substitute the ID token that was returned when logging in and the full URL to /apex on your instance (for example,
https://www.example.com/apex/apex). Note that the redirect URI often has to be registered with your authentication provider.
- To save your changes, click Apply Changes.