10 OAUTH PL/SQL Package Reference

The OAUTH PL/SQL package contains procedures for implementing OAuth authentication using Oracle REST Data Services.

10.1 OAUTH.CREATE_CLIENT

Format

OAUTH.CREATE_CLIENT(
   p_name            VARCHAR2 IN,
   p_grant_type      VARCHAR2 IN,
   p_owner           VARCHAR2 IN DEFAULT NULL,
   p_description     VARCHAR2 IN DEFAULT NULL,
   p_allowed_origins VARCHAR2 IN DEFAULT NULL,
   p_redirect_uri    VARCHAR2 IN DEFAULT NULL,
   p_support_email   VARCHAR2 IN DEFAULT NULL,
   p_support_uri     VARCHAR2 IN DEFAULT NULL,
   p_privilege_names VARCHAR2 IN);

Description

Creates an OAuth client registration.

Parameters

p_name

Name for the client, displayed to the end user during the approval phase of three-legged OAuth. Must be unique.

p_grant_type

Must be one of authorization_code, implicit, or client_credentials.

p_owner

Name of the party that owns the client application.

p_description

Description of the purpose of the client, displayed to the end user during the approval phase of three-legged OAuth. May be null if p_grant_type is client_credentials; otherwise, must not be null.

p_allowed_origins

A comma-separated list of URL prefixes. If the list is empty, any existing origins are removed.

p_redirect_uri

Client-controlled URI to which a redirect containing an OAuth access token or error will be sent. May be null if p_grant_type is client_credentials; otherwise, must not be null.

p_support_email

The email where end users can contact the client for support.

p_support_uri

The URI where end users can contact the client for support. Example: http://www.myclientdomain.com/support/

p_privilege_names

List of comma-separated privileges that the client wants to access.

Usage Notes

To have the operation take effect, use the COMMIT statement after calling this procedure.

Examples

The following example creates an OAuth client registration.

BEGIN
  OAUTH.create_client(
    'CLIENT_TEST',
    'authorization_code',
    'test_user',
    'This is a test description.',
    '',
    'https://example.org/my_redirect/#/',
    'test@example.org',
    'https://example.org/help/#/',
    'MyPrivilege'
    );
  COMMIT;
END;
/
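The parameter rules above (the three accepted grant types, and p_description and p_redirect_uri being optional only for client_credentials) can be checked before the registration is created. The following block is an added example, not part of the original reference: register_checked, the error numbers, the HTTPS requirement, and the client name CLIENT_CHECKED_DEMO are assumptions made for illustration.

```sql
DECLARE
  -- register_checked is a hypothetical helper, not part of the OAUTH package.
  PROCEDURE register_checked(
    p_name            IN VARCHAR2,
    p_grant_type      IN VARCHAR2,
    p_owner           IN VARCHAR2,
    p_description     IN VARCHAR2,
    p_redirect_uri    IN VARCHAR2,
    p_support_email   IN VARCHAR2,
    p_privilege_names IN VARCHAR2)
  IS
  BEGIN
    -- Documented rule: only three grant types are accepted.
    IF p_grant_type IS NULL OR p_grant_type NOT IN
       ('authorization_code', 'implicit', 'client_credentials') THEN
      raise_application_error(-20001, 'Unsupported grant type');
    END IF;
    IF p_grant_type <> 'client_credentials' THEN
      -- Documented rule: both values are mandatory for the other two grant types.
      IF p_description IS NULL OR p_redirect_uri IS NULL THEN
        raise_application_error(-20002,
          'p_description and p_redirect_uri are required for ' || p_grant_type);
      END IF;
      -- Local policy (assumption): the redirect carries a token, so require HTTPS.
      IF LOWER(p_redirect_uri) NOT LIKE 'https://%' THEN
        raise_application_error(-20003, 'p_redirect_uri must start with https://');
      END IF;
    END IF;
    OAUTH.create_client(
      p_name            => p_name,
      p_grant_type      => p_grant_type,
      p_owner           => p_owner,
      p_description     => p_description,
      p_redirect_uri    => p_redirect_uri,
      p_support_email   => p_support_email,
      p_privilege_names => p_privilege_names);
  END register_checked;
BEGIN
  register_checked(
    p_name            => 'CLIENT_CHECKED_DEMO',  -- constructed sample value
    p_grant_type      => 'authorization_code',
    p_owner           => 'test_user',
    p_description     => 'This is a test description.',
    p_redirect_uri    => 'https://example.org/my_redirect/#/',
    p_support_email   => 'test@example.org',
    p_privilege_names => 'MyPrivilege');
  COMMIT;
END;
/
```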

10.2 OAUTH.DELETE_CLIENT

Format

OAUTH.DELETE_CLIENT(
   p_name VARCHAR2 IN);

Description

Deletes an OAuth client registration.

Parameters

p_name

Name of the client registration to be deleted.

Usage Notes

To have the operation take effect, use the COMMIT statement after calling this procedure.

Examples

The following example deletes an OAuth client registration.

BEGIN
  OAUTH.delete_client(
    'CLIENT_TEST'
    );
  COMMIT;
END;
/

10.3 OAUTH.GRANT_CLIENT_ROLE

Format

OAUTH.GRANT_CLIENT_ROLE(
   p_client_name VARCHAR2 IN,
   p_role_name   VARCHAR2 IN);

Description

Grants an OAuth client the specified role, enabling clients performing two-legged OAuth to access privileges requiring the role.

Parameters

p_client_name

Name of the OAuth client.

p_role_name

Name of the role to be granted.

Usage Notes

To have the operation take effect, use the COMMIT statement after calling this procedure.

Examples

The following example creates a role and grants that role to an OAuth client.

BEGIN
  ORDS.create_role(p_role_name => 'CLIENT_TEST_ROLE');

  OAUTH.grant_client_role(
    'CLIENT_TEST',
    'CLIENT_TEST_ROLE'
    );
  COMMIT;
END;
/

10.4 OAUTH.RENAME_CLIENT

Format

OAUTH.RENAME_CLIENT(
   p_name     VARCHAR2 IN,
   p_new_name VARCHAR2 IN);

Description

Renames a client.

Parameters

p_name

Current name for the client.

p_new_name

New name for the client.

Usage Notes

The client name is displayed to the end user during the approval phase of three-legged OAuth.

To have the operation take effect, use the COMMIT statement after calling this procedure.

Examples

The following example renames a client.

BEGIN
  OAUTH.rename_client(
    'CLIENT_TEST',
    'CLIENT_TEST_RENAMED'
    );
  COMMIT;
END;
/

10.5 OAUTH.REVOKE_CLIENT_ROLE

Format

OAUTH.REVOKE_CLIENT_ROLE(
   p_client_name  VARCHAR2 IN,
   p_role_name    VARCHAR2 IN);

Description

Revokes the specified role from an OAuth client, preventing the client from accessing privileges requiring the role through two-legged OAuth.

Parameters

p_client_name

Name of the OAuth client.

p_role_name

Name of the role to be revoked.

Usage Notes

To have the operation take effect, use the COMMIT statement after calling this procedure.

Examples

The following example revokes a specified role from an OAuth client.

BEGIN
  OAUTH.revoke_client_role(
    'CLIENT_TEST_RENAMED',
    'CLIENT_TEST_ROLE'
    );
  COMMIT;
END;
/
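Because CREATE_CLIENT, GRANT_CLIENT_ROLE, REVOKE_CLIENT_ROLE, and DELETE_CLIENT take effect only on COMMIT, a two-legged client can be provisioned and later retired as all-or-nothing units. The following is an added example, not part of the original reference: the names BATCH_CLIENT_DEMO and BATCH_CLIENT_DEMO_ROLE are constructed, and it assumes these calls take part in the caller's transaction so that ROLLBACK discards a partial setup.

```sql
-- Provision: client, role, and grant succeed together or not at all.
BEGIN
  -- client_credentials: p_description and p_redirect_uri may be left null.
  OAUTH.create_client(
    p_name            => 'BATCH_CLIENT_DEMO',       -- constructed sample value
    p_grant_type      => 'client_credentials',
    p_owner           => 'test_user',
    p_support_email   => 'test@example.org',
    p_privilege_names => 'MyPrivilege');

  ORDS.create_role(p_role_name => 'BATCH_CLIENT_DEMO_ROLE');

  OAUTH.grant_client_role(
    p_client_name => 'BATCH_CLIENT_DEMO',
    p_role_name   => 'BATCH_CLIENT_DEMO_ROLE');

  COMMIT;
EXCEPTION
  WHEN OTHERS THEN
    -- Never leave a registered client without its intended role mapping.
    ROLLBACK;
    RAISE;
END;
/

-- Retire: remove the role first, then the registration, in one transaction.
BEGIN
  OAUTH.revoke_client_role(
    p_client_name => 'BATCH_CLIENT_DEMO',
    p_role_name   => 'BATCH_CLIENT_DEMO_ROLE');

  OAUTH.delete_client(p_name => 'BATCH_CLIENT_DEMO');

  COMMIT;
EXCEPTION
  WHEN OTHERS THEN
    ROLLBACK;
    RAISE;
END;
/
```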

10.6 OAUTH.UPDATE_CLIENT

Format

OAUTH.UPDATE_CLIENT(
  p_name             VARCHAR2 IN,
  p_description      VARCHAR2 IN,
  p_origins_allowed  VARCHAR2 IN,
  p_redirect_uri     VARCHAR2 IN,
  p_support_email    VARCHAR2 IN,
  p_support_uri      VARCHAR2 IN,
  p_privilege_names  t_ords_vchar_tab IN);

Description

Updates the client information (except name). Any null values will not alter the existing client property.

Parameters

p_name

Name of the client whose owner, description, origins allowed, support e-mail, support URI, and/or privileges are to be modified.

p_description

Description of the purpose of the client, displayed to the end user during the approval phase of three-legged OAuth.

p_redirect_uri

Client-controlled URI to which a redirect containing the OAuth access token/error will be sent. If this parameter is null, the existing p_redirect_uri value (if any) is not changed.

p_support_email

The email address where end users can contact the client for support.

p_support_uri

The URI where end users can contact the client for support. Example: http://www.myclientdomain.com/support/

p_privilege_names

List of names of the privileges that the client wishes to access.

Usage Notes

To have the operation take effect, use the COMMIT statement after calling this procedure.

If you want to rename the client, use the OAUTH.RENAME_CLIENT procedure.

Example to Update the Description of the Specified Client

The following example updates the description of the client with the name matching the value for p_name.

BEGIN
  ORDS_METADATA.OAUTH.update_client(
    p_name => 'CLIENT_TEST_RENAMED',
    p_description => 'The description was altered',
    p_origins_allowed => null,
    p_redirect_uri => null,
    p_support_email => null,
    p_support_uri => null,
    p_privilege_names => null);
  COMMIT;
END;
/

Example 10-1 Example to Add Multiple Privileges

The following example adds a second privilege:

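DECLARE
  -- Collection of privilege names to assign to the client.
  my_privs t_ords_vchar_tab := t_ords_vchar_tab();
BEGIN
  my_privs.EXTEND(2);  -- one slot per privilege assigned below
  my_privs(1) := 'tst.privilege1';
  my_privs(2) := 'tst.privilege2';

  -- Arguments follow the UPDATE_CLIENT format above; null leaves a property unchanged.
  OAUTH.update_client(
    p_name            => 'Test_Client',
    p_description     => 'Description',
    p_origins_allowed => null,
    p_redirect_uri    => '/abc/efg/',
    p_support_email   => null,
    p_support_uri     => null,
    p_privilege_names => my_privs);
  COMMIT;
END;
/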
