6 OAUTH PL/SQL Package Reference
Related Topics
6.1 OAUTH.CREATE_CLIENT
Format
OAUTH.CREATE_CLIENT( p_name VARCHAR2 IN, p_grant_type VARCHAR2 IN, p_owner VARCHAR2 IN DEFAULT NULL, p_description VARCHAR2 IN DEFAULT NULL, p_allowed_origins VARCHAR2 IN DEFAULT NULL, p_redirect_uri VARCHAR2 IN DEFAULT NULL, p_support_email VARCHAR2 IN DEFAULT NULL, p_support_uri VARCHAR2 IN DEFAULT NULL, p_privilege_names VARCHAR2 IN)
Description
Creates an OAuth client registration.
Parameters
- p_name
-
Name for the client, displayed to the end user during the approval phase of three-legged OAuth. Must be unique.
- p_grant_type
-
Must be one of
authorization_code
,implicit
, orclient_credentials
. - p_owner
-
Name of the party that owns the client application.
- p_description
-
Description of the purpose of the client, displayed to the end user during the approval phase of three-legged OAuth. May be null if
p_grant_type
isclient_credentials
; otherwise, must not be null. - p_allowed_origins
-
A comma-separated list of URL prefixes. If the list is empty, any existing origins are removed.
- p_redirect_uri
-
Client-controlled URI to which redirect containing an OAuth access token or error will be sent. May be null if
p_grant_type
isclient_credentials
; otherwise, must not be null. - p_support_email
-
The email where end users can contact the client for support.
- p_support_uri
-
The URI where end users can contact the client for support. Example:
http://www.myclientdomain.com/support/
- p_privilege_names
-
List of comma-separated privileges that the client wants to access.
Usage Notes
To have the operation take effect, use the COMMIT statement after calling this procedure.
Examples
The following example creates an OAuth client registration.
BEGIN OAUTH.create_client( 'CLIENT_TEST', 'authorization_code', 'test_user', 'This is a test description.', '', 'https://example.org/my_redirect/#/', 'test@example.org', 'https://example.org/help/#/', 'MyPrivilege' ); COMMIT; END; /
6.2 OAUTH.DELETE_CLIENT
Format
OAUTH.DELETE_CLIENT( p_name VARCHAR2 IN);
Description
Deletes an OAuth client registration.
Usage Notes
To have the operation take effect, use the COMMIT statement after calling this procedure.
Examples
The following example deletes an OAuth client registration.
BEGIN OAUTH.delete_client( 'CLIENT_TEST' ); COMMIT; END; /
6.3 OAUTH.GRANT_CLIENT_ROLE
Format
OAUTH.GRANT_CLIENT_ROLE( p_client_name VARCHAR2 IN, p_role_name VARCHAR2 IN);
Description
Grant an OAuth client the specified role, enabling clients performing two-legged OAuth to access privileges requiring the role.
Usage Notes
To have the operation take effect, use the COMMIT statement after calling this procedure.
Examples
The following example creates a role and grants that role to an OAuth client.
BEGIN ORDS.create_role(p_role_name => 'CLIENT_TEST_ROLE'); OAUTH.grant_client_role( 'CLIENT_TEST', 'CLIENT_TEST_ROLE' ); COMMIT; END; /
6.4 OAUTH.RENAME_CLIENT
Format
OAUTH.RENAME_CLIENT( p_name VARCHAR2 IN, p_new_name VARCHAR2 IN);
Description
Renames a client.
Usage Notes
The client name is displayed to the end user during the approval phase of three-legged OAuth.
To have the operation take effect, use the COMMIT statement after calling this procedure.
Examples
The following example renames a client.
BEGIN OAUTH.rename_client( 'CLIENT_TEST', 'CLIENT_TEST_RENAMED' ); COMMIT; END; /
6.5 OAUTH.REVOKE_CLIENT_ROLE
Format
OAUTH.REVOKE_CLIENT_ROLE( p_client_name VARCHAR2 IN, p_role_name VARCHAR2 IN);
Description
Revokes the specified role from an OAuth client, preventing the client from accessing privileges requiring the role through two-legged OAuth.
Usage Notes
To have the operation take effect, use the COMMIT statement after calling this procedure.
Examples
The following example revokes a specified role from an OAuth client.
BEGIN OAUTH.revoke_client_role( 'CLIENT_TEST_RENAMED', 'CLIENT_TEST_ROLE' ); COMMIT; END; /
6.6 OAUTH.UPDATE_CLIENT
Format
OAUTH.UPDATE_CLIENT( p_name VARCHAR2 IN, p_description VARCHAR2 IN, p_origins_allowed VARCHAR2 IN, p_redirect_uri VARCHAR2 IN, p_support_email VARCHAR2 IN, p_suppor_uri VARCHAR2 IN, p_privilege_names t_ords_vchar_tab IN);
Description
Updates the client information (except name). Any null values will not alter the existing client property.
Parameters
- p_name
-
Name of the client that requires the owner, description, origins allowed, support e-mail, support URI, and/or privilege modification.
- p_description
-
Description of the purpose of the client, displayed to the end user during the approval phase of three-legged OAuth.
- p_redirect_uri
-
Client-controlled URI to which a redirect containing the OAuth access token/error will be sent. If this parameter is null, the existing
p_redirect_uri
value (if any) is not changed. - p_support_email
-
The email address where end users can contact the client for support.
- p_support_uri
-
The URI where end users can contact the client for support. Example:
http://www.myclientdomain.com/support/
- p_privilege_names
-
List of names of the privileges that the client wishes to access.
Usage Notes
To have the operation take effect, use the COMMIT statement after calling this procedure.
If you want to rename the client, use the OAUTH.RENAME_CLIENT
procedure.
Example to Updates the Description of the Specified Client
The following example updates the description of the client with the name matching the value for p_name
.
BEGIN ORDS_METADATA.OAUTH.update_client( p_name => 'CLIENT_TEST_RENAMED', p_description => 'The description was altered', p_origins_allowed => null, p_redirect_uri => null, p_support_email => null, p_support_uri => null, p_privilege_names => null); COMMIT; END; /
Example 6-1 Example to Add Multiple Privileges
The following example adds a second privilege:
declare my_privs t_ords_vchar_tab := t_ords_vchar_tab (); begin my_privs.EXTEND (3); my_privs(1):='tst.privilege1'; my_privs(2):='tst.privilege2'; . oauth.update_client( p_name => 'Test_Client', p_owner => 'scott', p_description => 'Description', p_grant_type => 'client_credentials', p_redirect_uri => '/abc/efg/', p_privilege_names => my_privs); commit; end;
Related Topics
6.7 OAUTH.ROTATE_CLIENT_SECRET
Format
OAUTH.ROTATE_CLIENT_SECRET(
p_client IN NUMBER,
p_editing_user IN VARCHAR2,
p_revoke_sessions IN BOOLEAN DEFAULT TRUE);
Description
ROTATE_CLIENT_SECRET
regenerates a new client secret and deletes
all existing client sessions by default.
Parameters
Example
BEGIN
OAUTH.ROTATE_CLIENT_SECRET(
p_client => 1234567890,
p_editing_user => 'USERA',
p_revoke_sessions => TRUE
);
END;
/