Configure OAuth Services

To use OAuth 2.0 for authentication, configure your Billing Care REST API services and then register your client application as a trusted client on Oracle Access Manager.

To configure OAuth services using Oracle Access Manager:

  1. Create an identity domain, which controls the authentication and authorization of your client applications. It also controls which features your client application can access in relation to the service.

    To create an identity domain, use cURL to send an HTTP/HTTPS request to the Oracle Access Management URL. For example:

    curl -i \
         -H "Content-Type: application/json" \
         -H "Accept: application/json" \
         -H "Authorization:Basic credentials" \
         -X POST \
         http(s)://hostname:port/oam/services/rest/ssa/api/v1/oauthpolicyadmin/oauthidentitydomain \
         -d '{
             "name": "identityDomain",
             "description": "Description for Billing Care REST API Identity Domain",
             "tokenSettings":[
                 {
                     "tokenType": "ACCESS_TOKEN",
                     "tokenExpiry": tokenExpiry
                 }
             ]
         }'

    where:

    • credentials is the Base64-encoded value of your Oracle Access Manager administrator user name and password joined by a single colon (username:password).
    • hostname:port is the host and port of the Oracle Access Manager Administration Server.
    • identityDomain is the name of the Oracle Access Manager identity domain that you want to create.
    • tokenExpiry is the number of seconds before the token expires, such as 3600 for one hour.

    See "Add a new OAuth Identity Domain" in REST API for OAuth in Oracle Access Manager for more information.

  2. Create a resource server, which hosts protected resources and accepts and responds to protected resource requests using access tokens.

    To create and configure your resource server, use cURL to send an HTTP/HTTPS request to the Oracle Access Management URL. For example:

    curl -i \
         -H "Content-Type: application/json" \
         -H "Authorization:Basic credentials" \
         -X POST \
         http(s)://hostname:port/oam/services/rest/ssa/api/v1/oauthpolicyadmin/application \
         -d '{
             "name": "resourceServer",
             "idDomain": "identityDomain",
             "description": "Billing Care REST API Resource Server",
             "scopes":[
                 {
                     "scopeName":"scopeName",
                     "description":"All Access"
                 }
             ]
         }'

    where:

    • resourceServer is the name of your resource server, such as BillingCare.
    • scopeName is the name of the scope, such as All.

    See "Add a new Resource Server" in REST API for OAuth in Oracle Access Manager for more information.

  3. Create a client application that makes protected resource requests on behalf of the resource owner and with the resource owner's authorization. Billing Care REST API clients are web applications with an OAuth 2.0 client type of Confidential Client. Clients must use a grant type of Client Credentials for requesting access to Billing Care REST API resources.

    To create a client application, use cURL to send an HTTP/HTTPS request to the Oracle Access Management URL. For example:

    curl -i \
         -H "Content-Type:application/json" \
         -H "Authorization:Basic credentials" \
         -X POST \
         http(s)://hostname:port/oam/services/rest/ssa/api/v1/oauthpolicyadmin/client \
         -d '{
             "secret": "client_secret",
             "id": "client_id",
             "name": "clientName",
             "scopes": [
                 "resourceServer.scopeName"
             ],
             "clientType": "CONFIDENTIAL_CLIENT",
             "idDomain": "identityDomain",
             "description": "Description of client of Billing Care REST API Server",
             "grantTypes":[
                 "CLIENT_CREDENTIALS"
             ],
             "defaultScope": "resourceServer.scopeName",
             "redirectURIs": [
                 {
                     "url":"http(s)://BillingCareHost:BillingCarePort/bcws",
                     "isHttps": isHttps
                 }
             ]
         }'

    where:

    • client_secret is the password for your client.
    • client_id is the client ID for your client. It will be generated automatically if not specified.
    • clientName is the name of your client.
    • BillingCareHost:BillingCarePort is the host and port of the Billing Care REST API Server.
    • isHttps is a Boolean value that specifies whether the URL is accessed over HTTPS (true) or HTTP (false).

    See "Add a new OAuth Client" in REST API for OAuth in Oracle Access Manager for more information.

For more information about OAuth 2.0, see "Understanding the OAuth Service" in Oracle Fusion Middleware Administrator's Guide for Oracle Access Management.
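
The following shell helpers are an added example, not part of the Oracle procedure or product. They produce the credentials value and the JSON bodies for steps 1 and 3 from checked inputs. The function names, the allowed-character rule, and the assumption that the client secret is a generated token are choices made for this example.

```shell
#!/bin/sh
# Added example, not Oracle's code. Function names and the character rule in
# valid_name are assumptions made for this sketch.

# Base64 of "username:password" for the "Authorization:Basic" header. printf
# avoids encoding the newline that echo appends; tr strips base64 line wraps.
basic_credentials() {
    printf '%s:%s' "$1" "$2" | base64 | tr -d '\n'
}

# Letters, digits, '_' and '-' only, so a value cannot break out of the JSON
# string it is substituted into.
valid_name() {
    case "$1" in ''|*[!A-Za-z0-9_-]*) return 1 ;; esac
}

# Derive isHttps from the redirect URL so the flag cannot contradict the URL.
is_https() {
    case "$1" in
        *'"'*|*'\'*) echo "invalid redirect URL" >&2; return 1 ;;
        https://*) echo true ;;
        http://*) echo false ;;
        *) echo "redirect URL must be http:// or https://" >&2; return 1 ;;
    esac
}

# Step 1 body. tokenExpiry is a bare JSON number, so accept digits only.
identity_domain_body() {
    valid_name "$1" || { echo "invalid identity domain name" >&2; return 1; }
    case "$2" in ''|*[!0-9]*) echo "tokenExpiry must be whole seconds" >&2; return 1 ;; esac
    printf '{"name":"%s","description":"Billing Care REST API Identity Domain","tokenSettings":[{"tokenType":"ACCESS_TOKEN","tokenExpiry":%s}]}' "$1" "$2"
}

# Step 3 body. Arguments: client_id secret clientName identityDomain
# resourceServer scopeName redirectURL. The secret is assumed to be a generated
# token (hex, for example) and is never echoed in error messages.
client_body() {
    for v in "$1" "$2" "$3" "$4" "$5" "$6"; do
        valid_name "$v" || { echo "invalid character in a client field" >&2; return 1; }
    done
    https=$(is_https "$7") || return 1
    printf '{"secret":"%s","id":"%s","name":"%s","scopes":["%s.%s"],"clientType":"CONFIDENTIAL_CLIENT","idDomain":"%s","description":"Client of Billing Care REST API Server","grantTypes":["CLIENT_CREDENTIALS"],"defaultScope":"%s.%s","redirectURIs":[{"url":"%s","isHttps":%s}]}' \
        "$2" "$1" "$3" "$5" "$6" "$4" "$5" "$6" "$7" "$https"
}
```

The output of identity_domain_body or client_body can be supplied as the value of the -d option in the corresponding request above.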