2.1.7.1 Create an Integrated (Confidential) Application

You can create an Integrated (Confidential) Application in Oracle Identity / IDCS (OCI IAM) to generate OAuth tokens for making public API calls.

Prerequisites
  1. Administrative access to your OCI Identity Domain / IDCS console.
  2. The appropriate tenancy/domain selected in the Console.
  3. If enabling TLS Client Authentication, a private key and certificates are required.

Perform the following steps to create an integrated application:
  1. Sign in to the Oracle Cloud Console and go to Identity -> Identity Domains.
  2. Select the domain where you want to create the application.
  3. On the domain details page, choose 'Integrated Applications'.
  4. Click 'Add Application' and select 'Confidential Application'.
  5. Click 'Launch workflow'.
  6. Provide application details such as Name, Description, and Application URL (Redirect URL) if required.
    • Application name: You can use the Tenant ID as your application name.
    • Redirect URL: For example, https://%hostname%/cloudgate/v1/oauth2/callback
  7. Select 'Configure this application as a client now'.
  8. Under Grant Types, at minimum enable:
    • Client Credentials
    • Authorization Code
    • Resource Owner
    • Optionally, enable:
      1. Refresh Token (to obtain refresh tokens alongside access tokens).
      2. TLS Client Authentication (for certificate-based client auth).
  9. Complete the workflow and select Finish. The application is added in a deactivated state.
  10. In the 'Application added' dialog, record the Client ID and Client Secret. Store them securely (for example, in a Vault).
  11. On the application details page, click 'Activate' and confirm activation.
  12. Post activation: If enabling TLS Client Authentication, import and register the client certificate and key.
Note:
  • Client Credentials, Authorization Code and Resource Owner are default/commonly required grant types. You can enable other grants as needed.
  • To support renewing access tokens, enable the Refresh Token grant type.
  • Optionally, enable TLS Client Authentication for certificate-based client authentication.

For more details, see Adding a Confidential Application.