2.1.7.3 Generate Access Token Using Different Grant Types

An access token is required to invoke APIs and you can generate the access token using different grant types.

Select a link for more information on each of these grant types:

1. Client Credentials Grant Type
2. Authorization Code Grant Type
3. Resource Owner Password Credentials Grant Type
4. TLS Client Authentication Grant Type
5. Refresh Token Grant Type

Note:

The Access token expiry (in seconds) is configurable and can be set at the time of generating the access token. By default, the expiry is set to 3600 seconds ~ 1 hour. You can configure this to a value of your choice up to a maximum value of 31536000 seconds ~ 1 year.

Prerequisite: Organization-wide ca.crt, client.crt, and client.key (you can generate client.crt and client.key using openssl.)

Creating a ca.crt file

The following procedure uses FireFox as the web browser.

1. Obtain your secure IDCS URL.
2. Open Firefox and enter the URL in the address bar, then press Enter.
3. Click the padlock icon to the left of the URL in the address bar.
4. Select Connection secure (or similar option) and then click More Information.
5. In the window that opens, select the Security tab and click View Certificate.
6. Under the Miscellaneous section, download either the PEM (cert) or PEM (chain) file as needed.

Obtaining the IDCS Secure Domain URL

An IDCS secure domain URL is the web address used to access Oracle Identity Cloud Service (IDCS) over a secure HTTPS connection.

To obtain the IDCS secure domain URL:

1. Sign in to the Oracle Cloud Console and go to Identity -> Identity Domains.
2. From the Details tab, copy the Domain URL.
3. Append /.well-known/idcs-configuration after the URL.

   Example: <idcs_domain_URL>/.well-known/idcs-configuration

4. Search for secure_token_endpoint to get the IDCS secure domain URL.