8 Migrating to Client Credentials Authentication Scheme (OCIM)

Follow the steps below only for environments that are migrated from a resource owner group (SSD) authentication scheme to the client credentials authentication scheme (OPERA Cloud Identity Management).

Stage 1: Preparing for Migration (Pre-Migration)

In this stage, the customer and partner environments are marked with a label ‘Migrating Soon.’ This implies that customers and partners can now prepare for the upcoming migration, so they have a seamless transition with minimal downtime.

Customers and their partners are advised to take the following actions:
  1. Reissue their client secret so it also works with a client credentials authentication scheme (OPERA Cloud Identity Management). For more information, see Changing Your Client Secret.

  2. The image below depicts the changes you must make in the OAuth token API. These changes enable you to use the client credentials authentication scheme (OPERA Cloud Identity Management) once your environment completes the migration. For more information, see Authenticating to Oracle Hospitality Property APIs.

    [Image: the changes you must make in the OAuth token API.]

    Note:

    Customers and partners must use the resource owner group authentication (SSD) to get OAuth tokens for their integration and should NOT switch to the new authentication code until the migration is complete. The pre-migration stage is only to give sufficient time to prepare the authentication code for client credentials and to reissue the client secrets. 

Stage 2: Migration

The Customer Success Manager informs customers and their partners of the time of the actual migration well in advance. During the migration phase, customers and partners will be unable to access their integrations for a short period of time.

Stage 3: Post Migration Validation

The Customer Success Manager informs the customer and their partners once the migration has been completed. Customers and their partners are advised to follow the instructions below to ensure a successful migration.
  1. OHIP Developer Portal: Customers must check if users can still access the OHIP Developer Portal. If not, customers must grant access to the user by adding the developerportalaccess role in OPERA Cloud Identity Management. For more information, see Adding Developer Portal Users.

    Note:

    The Developer Portal URL will change after migration to OPERA Cloud Identity Management. Customers need to log in using the new URL provided by the CSM via customer communication.

  2. Client Credentials: The clientId for existing OHIP integrations will not be migrated. If not regenerated during the pre-migration step, customers and partners can still regenerate client credentials post migration. For more information, see Changing Your Client Secret.

  3. Integration Users: Integration users are not needed for Client Credentials authentication.

  4. Authentication Scheme: The authentication scheme in all the migrated customer and partner environments should be changed to Client Credentials. For more information, see Viewing Environment Details.

  5. Environment Details: All environment details should now show two new fields, ‘EnterpriseID’ and ‘Scope’, which are required when authenticating with Client Credentials-based authentication. For more information, see Viewing Environment Details.

  6. Existing Partner Connections: All partner connections should automatically be migrated to a Client Credentials authentication scheme and should be in "Approved" status. This can be validated in the OHIP developer portal.

  7. Customers and their partners must validate that the following existing data is visible “as is” in the developer portal post migration:
    1. Applications

    2. Streaming applications and their configuration

    3. Restricted APIs access

    4. Analytics

  8. Switch Authentication

    Customers and their partners must regenerate the OAuth token using the client credentials workflow and replace all their old tokens with the new token for existing integrations. For more information, see Authenticating to Oracle Hospitality Property APIs.
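
The Stage 1 preparation and the Stage 3 "Switch Authentication" step can share one code path that is flipped only once the migration is confirmed complete. The sketch below is an added example, not Oracle's code: it builds the token request for either scheme using the standard OAuth 2.0 grant types from RFC 6749. Assumptions: client authentication by HTTP Basic, the `enterpriseId` header name, the dictionary key names, and the `migrated` flag; take the actual endpoint and parameter names from Authenticating to Oracle Hospitality Property APIs.

```python
import base64
from urllib.parse import urlencode

# Assumption: header that carries the EnterpriseID field; confirm the real name
# in "Authenticating to Oracle Hospitality Property APIs".
ENTERPRISE_HEADER = "enterpriseId"


def build_token_request(env, secrets, migrated):
    """Return (headers, form_body) for the OAuth token call.

    migrated=False -> resource owner (SSD) request, used until migration completes.
    migrated=True  -> client credentials (OCIM) request, used after migration.
    """
    basic = base64.b64encode(
        f"{secrets['client_id']}:{secrets['client_secret']}".encode()
    ).decode()
    headers = {
        "Authorization": f"Basic {basic}",
        "Content-Type": "application/x-www-form-urlencoded",
    }
    if not migrated:
        # RFC 6749 section 4.3: the integration user's credentials go in the body.
        form = {
            "grant_type": "password",
            "username": secrets["integration_user"],
            "password": secrets["integration_password"],
        }
    else:
        # Fail closed if the two new environment fields were not copied over.
        missing = [k for k in ("enterprise_id", "scope") if not env.get(k)]
        if missing:
            raise ValueError(f"missing environment details: {missing}")
        headers[ENTERPRISE_HEADER] = env["enterprise_id"]
        # RFC 6749 section 4.4: no user credentials, only client auth plus scope.
        form = {"grant_type": "client_credentials", "scope": env["scope"]}
    return headers, urlencode(form)


# Constructed sample values, not real credentials or environment details.
SAMPLE_ENV = {"enterprise_id": "EXAMPLE_ENT", "scope": "urn:example:scope"}
SAMPLE_SECRETS = {
    "client_id": "example-client",
    "client_secret": "example-secret",
    "integration_user": "example-user",
    "integration_password": "example-password",
}
```

Keeping `migrated` as deployment configuration rather than a code change lets the switch happen at cutover without a new release, and the integration user credentials can be removed from the secret store afterwards.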