8.1 Register the Database in OCI IAM

Register Oracle AI Database as a confidential application in your OCI IAM identity domain.

This application serves two roles:
  • Resource server: Allows other applications to request tokens scoped to the database.
  • Client: Allows the database to obtain an access token to fetch the IAM public signing keys for token validation.

  1. Navigate to your identity domain.
    1. Log in to the OCI Console.
    2. In the search bar, type domain and select Domains under Services.
    3. Select your identity domain (for example, Default), or click Create domain to create a new one.
    4. On the domain's Details page, copy and save the Domain URL for later use (for example, https://idcs-<unique_id>.identity.oraclecloud.com:443).
  2. Create a confidential application for the database.
    1. In the domain, click the Integrated applications tab.
    2. Click Add application, select Confidential Application, and click Launch workflow.
    3. Enter a name for the application (for example, OracleDB) and an application URL.
    4. Click Submit.
  3. Configure the application as a resource server.
    1. On the application page, click the OAuth configuration tab.
    2. In the Edit OAuth configuration section, under Resource server configuration, select Configure this application as a resource server now.
    3. Under Primary audience, enter OracleDB.
    4. Toggle Add scopes on. Click Add and create a scope:
      • Scope: Enter DB_ACCESS_SCOPE.
      • Display name: Enter DB Access.
      • Description: Enter Access the database.
  4. Configure the application as a client.
    The database must also be configured as a client, so it can obtain an access token to retrieve the IAM public signing keys.
    1. Under Client configuration, select Configure this application as a client now.
    2. Under Authorization, select Client credentials.
  5. Activate the application.
    Click Actions in the top-right corner, and select Activate.
  6. Record the following values for database configuration.
    1. On the application page, click the Details tab, and copy the Application ID.
    2. Click the OAuth configuration tab, scroll to General Information, and copy the Client ID and Client secret.

You have now registered the database in OCI IAM as both a resource server (with an audience and scope) and a client. Other applications can now request tokens scoped to this database resource.
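
To sanity-check the registration once a client application has obtained an access token for the database, decode the token payload and compare its aud and scope claims with the Primary audience and Scope entered above. This is an added example, not part of the Oracle documentation: the function names are illustrative, the sample token is constructed, and it assumes the scope claim is a space-delimited string. It inspects claims only and does not verify the signature.

```python
import base64
import json
import time

# Values entered during registration (Primary audience and Scope above).
EXPECTED_AUDIENCE = "OracleDB"
EXPECTED_SCOPE = "DB_ACCESS_SCOPE"


def b64url_decode(segment):
    """Decode a base64url JWT segment, restoring the stripped padding."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def check_registration_claims(token, now=None):
    """Return a list of mismatches between a token and the registration.

    Inspection only: the signature is NOT verified, so never use this to
    authorize a request.
    """
    parts = token.split(".")
    if len(parts) != 3:
        return ["not a three-part compact JWT"]
    try:
        claims = json.loads(b64url_decode(parts[1]))
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return ["payload is not base64url-encoded JSON"]
    if not isinstance(claims, dict):
        return ["payload is not a JSON object"]

    problems = []
    aud = claims.get("aud")
    audiences = [aud] if isinstance(aud, str) else aud if isinstance(aud, list) else []
    if EXPECTED_AUDIENCE not in audiences:
        problems.append(f"aud {aud!r} does not include {EXPECTED_AUDIENCE!r}")
    # Assumption: scopes arrive as a space-delimited "scope" string.
    scopes = str(claims.get("scope", "")).split()
    if EXPECTED_SCOPE not in scopes:
        problems.append(f"scope {scopes!r} does not include {EXPECTED_SCOPE!r}")
    exp = claims.get("exp")
    current = time.time() if now is None else now
    if not isinstance(exp, (int, float)) or exp <= current:
        problems.append("exp is missing or in the past")
    return problems


def make_sample_token(claims):
    """Build an unsigned, constructed token for the demo (not a real IAM token)."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.constructed"
```

An empty list from check_registration_claims means the token matches the audience and scope configured for the database application.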

See also:

Adding a Confidential Application in the OCI IAM documentation.