OAuth 2.0 Clients

For system-to-system integrations, OAuth 2.0 clients are registered with the Oracle Cloud Identity Domain. An OAuth 2.0 access token is required to access the RESTful APIs of Oracle Health Insurance applications. This token must be obtained from the Oracle Identity Domain associated with the Oracle Health Insurance Cloud Services environment.

Oracle provides OAuth 2.0 Resource Server definitions for each Oracle Health Insurance Cloud Services environment. These Resource Server definitions include:

  • Primary Audience

  • List of Scopes

The Primary Audience is equivalent to the API hostname for the environment.

The term Scope typically refers to the level of access and permissions granted to users, groups, or resources within the Oracle Health Insurance Cloud Services. Using the scope parameter, the access token can grant different levels of access to multiple Oracle Health Insurance APIs. For example, use the urn::ohi-components-apis scope when you need to access any Oracle Health Insurance components API in the given application deployment. This provides clients with access to only the resources they need to do their work.

A user can select multiple scopes.

OAuth 2.0 clients must therefore be registered and granted the set of scopes of the selected environments. The audience of OAuth 2.0 access tokens obtained through these clients must match the hostname of the Oracle Health Insurance Cloud Services environment.

Create a Confidential Application in Identity Cloud Services

To create a Confidential Application in Identity Cloud Services, follow these steps:

  1. Navigate to the corresponding Oracle Identity Domain in the OCI Console.

  2. Select the Applications tab and click Add.

  3. Select Confidential Application.

  4. On the Add Confidential Application details page, in the App Details section, enter a Name (5 characters or more), optionally give a Description, and click Next.

  5. Select Configure this application as a client now, then select the Allowed Grant Types appropriate to the intended use. For example, Client Credentials is used for programmatic clients.

  6. Under Token Issuance Policy, in Authorized Resources, select Specific. The Select Scope page is displayed.

  7. Select the scopes that you want the OAuth token to grant access to and select Add.

  8. Select the resource which is used as scope. Here you can select one or more scopes.
    Using the scope parameter, the access token can grant different levels of access to multiple OHI APIs.

  9. Click the Next button.

  10. Skip Web Tier Policy and Authorization, leaving the defaults, and click Finish.

  11. The Client ID and Client Secret of the application are displayed. Copy and note the Client ID and Client Secret, and then click Close.

  12. Click Activate, and then click Activate Application.

  13. On the Details page for your new application, select Activate and confirm the activation.
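
The following is an added example, not Oracle's own code. It builds a client credentials token request from the Client ID and Client Secret noted in step 11, then checks that a returned token's audience matches the API hostname and that it carries the requested scopes. The token endpoint path, the hostnames, and the JWT claim names (`aud`, `scope`) are assumptions, and the sample tokens are constructed. The check only inspects claims; it does not verify the token signature.

```python
import base64
import json
from urllib.parse import urlencode, urlsplit

TOKEN_PATH = "/oauth2/v1/token"  # assumption: identity domain token endpoint path

def build_token_request(domain_url, client_id, client_secret, scopes):
    """Build (url, headers, body) for a client credentials grant; sends nothing."""
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    headers = {"Authorization": f"Basic {basic}",
               "Content-Type": "application/x-www-form-urlencoded"}
    body = urlencode({"grant_type": "client_credentials", "scope": " ".join(scopes)})
    return domain_url.rstrip("/") + TOKEN_PATH, headers, body

def decode_claims(token):
    """Decode a JWT payload for inspection only; the signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))

def _host(value):
    """Accept 'host' or 'https://host/' and return the lowercase hostname."""
    return (urlsplit(value if "//" in value else "//" + value).hostname or "").lower()

def check_token(token, api_host, required_scopes):
    """Return a list of problems; an empty list means aud and scope are as expected."""
    claims = decode_claims(token)
    aud = claims.get("aud", [])
    aud = [aud] if isinstance(aud, str) else list(aud)
    problems = []
    if _host(api_host) not in {_host(a) for a in aud}:
        problems.append(f"audience {aud} does not match {api_host}")
    missing = sorted(set(required_scopes) - set(str(claims.get("scope", "")).split()))
    if missing:
        problems.append(f"missing scopes: {missing}")
    return problems

def make_sample_token(aud, scope):
    """Constructed, unsigned sample token so the check can run offline."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).decode().rstrip("=")
    return ".".join([enc({"alg": "none"}), enc({"aud": aud, "scope": scope}), "sig"])

if __name__ == "__main__":
    host = "ohi-api.example.invalid"    # constructed placeholder hostname
    scope = "urn::ohi-components-apis"  # scope named on this page
    print(build_token_request("https://idd.example.invalid", "id", "secret", [scope]))
    print(check_token(make_sample_token(f"https://{host}/", scope), host, [scope]))
    print(check_token(make_sample_token("https://other.example.invalid", ""), host, [scope]))
```

Keep the Client Secret out of source code and logs; load it from a secrets store or environment at run time.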