Create an Integrated (Confidential) Application

You can create an Integrated (Confidential) Application in Oracle Identity / IDCS (OCI IAM) to generate OAuth tokens for making public API calls.

OPC Applications Overview

An OPC app is a pre-created application that’s provisioned automatically. The app name uses the following format: the cloud service name followed by your tenant ID. Example: AMLCS bccb73-prd.

To view your available OPC apps:
  1. In the OCI Console, select Domains from the menu on the left.
  2. Open the Oracle Cloud Services tab.
  3. Review the list to see all OPC apps available to you.

Currently, Oracle Public Cloud (OPC) app client credentials are used to generate OAuth tokens and make public API calls. It is recommended to use an Integrated App instead of an OPC app for token generation. An Integrated App also maps grant types to typical use cases (service-to-service versus user-role tokens).

Prerequisites
  1. Administrative access to your OCI Identity Domain / IDCS console.
  2. Appropriate tenancy/domain selected in the Console.
  3. If enabling TLS Client Authentication, a private key and certificates are required.

Perform the following steps to create an integrated application:
  1. Sign in to the Oracle Cloud Console and go to Identity -> Identity Domains.
  2. Select the domain where you want to create the application.
  3. On the domain details page, choose 'Integrated Applications'.
  4. Click 'Add Application' and select 'Confidential Application'.
  5. Click 'Launch workflow'.
  6. Provide application details such as Name, Description, and Application URL (Redirect URL) if required.
    • Application name: You can use the Tenant ID as your application name.
    • Redirect URL: Example: https://%hostname%/cloudgate/v1/oauth2/callback
  7. Select 'Configure this application as a client now'.
  8. Under Grant Types, at minimum enable:
    • Client Credentials
    • Authorization Code
    • Resource Owner
    • Optionally, enable:
      1. Refresh Token (to obtain refresh tokens alongside access tokens).
      2. TLS Client Authentication (for certificate-based client auth).
  9. Complete the workflow and select Finish. The application is added in a deactivated state.
  10. In the 'Application added' dialog, record the Client ID and Client Secret. Store these securely (Example: Vault).
  11. On the application details page, click 'Activate' and confirm activation.
  12. Post activation: If enabling TLS Client Authentication, import and register the client certificate and key.
Note:
  • Client Credentials, Authorization Code and Resource Owner are default/commonly required grant types. You can enable other grants as needed.
  • To support renewing access tokens, enable the Refresh Token grant type.
  • Optionally, enable TLS Client Authentication for certificate-based client authentication.

For more details, see Adding a Confidential Application.