Authenticate

Authentication and authorization in Oracle® Session Delivery Management Cloud (Oracle SDM Cloud) is managed by Oracle Identity Cloud Service (IDCS). To access the Oracle® Session Delivery Management Cloud (Oracle SDM Cloud) REST APIs, you need an OAuth 2.0 access token to use for authorization.

Prerequisites

In the UI, click Security Manager and then IAM and collect the following information:

  • IDCS FQDN

  • RESTApp IDCS client ID

  • RESTApp IDCS client secret

Set Required Variables

  1. Set the IDCS_FQDN variable to the URL of your IDCS server.

    export IDCS_FQDN='https://example.com'

  2. Set the variables of your Client ID and Client Secret.

    The Client ID is the value of the RESTApp IDCS client ID field. The Client Secret is the value of the RESTApp IDCS client secret field. 

    export CLIENT_ID='xxxxxxxxxxx'
export CLIENT_SECRET='xxxxxxxxxxx'
export USERNAME='xxxxxxxxxxx'
export PASSWORD='xxxxxxxxxxx'

  3. Calculate the AUTHORIZATION_VALUE.

    The AUTHORIZATION_VALUE is the Base64 encoding of the Client ID, a colon, and the Client Secret.

    On Oracle Linux, use base64 -w 0 to remove newlines from the Base64 output. 

    export AUTHORIZATION_VALUE=$( printf "${CLIENT_ID}:${CLIENT_SECRET}" | base64 -w 0 )

Custom Expiry Time

An access token's expiry time is in seconds. The default expiry for access tokens is 3600 seconds. To customize access token's (AT) expiry time, specify in the token request by sending urn:opc:resource:expiry=<seconds> in the scope parameter. For example: 

scope: osdmc:rest offline_access urn:opc:resource:expiry=10000

For example:

curl -L "https://$IDCS_FQDN/oauth2/v1/token" \
  --header 'Authorization: Basic <Base64 encoded clientId:clientSecret>' \
  --header 'Content-Type: application/x-www-form-urlencoded' \
  --data-urlencode 'grant_type=password' \
  --data-urlencode 'scope=osdmc:rest offline_access urn:opc:resource:expiry=10000' \
  --data-urlencode 'username=<username>' \
  --data-urlencode 'password=<password>'

Response:

{
  "access_token": <access_token>,
  "token_type": "Bearer",
  "expires_in": 10000,
  "refresh_token": <refresh_token>
}

In this case, the generated access token will have an expiry of 10,000 seconds. The maximum configurable expiry time for an access token is 1 year.