OAuth Access Token Requests Parameter Configuration

The OAuth specification requires certain parameters in the request body when a client obtains a new access token from the OAuth server. For example, the IDCS OAuth server expects the following parameters in the body of the token request (POST "<baseUrl>/oauth2/v1/token") when the access token is obtained with the AssertionJWTBearer grant type:

  • grant_type

  • scope

  • assertion

Oracle Health Insurance sends the following parameters by default.

Parameter   Value

grant_type  Value as expected by the OAuth server. It differs per grant type:
            - For the ClientCredentials grant type, it is client_credentials
            - For the AssertionJWTBearer grant type, it is urn:ietf:params:oauth:grant-type:jwt-bearer

scope       Configured at OAuth client level. Multiple scopes are separated by a comma. There is no need to configure this parameter separately, as it is taken from the client configuration.

assertion   JWT bearer token. It is generated by Oracle Health Insurance at runtime and applies to the AssertionJWTBearer grant type only.

If the OAuth server expects the above parameters under a different name or with a different value, or expects additional parameters, Oracle Health Insurance supports custom OAuth parameters for that purpose.

A custom parameter has the following attributes:

Attribute       Description

code            Name of the custom parameter. It must be unique; the OAuth client refers to the parameter by this code.

parameterName   Parameter name as expected by the OAuth server (the form field name sent in the token request).

parameterValue  Parameter value as expected by the OAuth server.

To manage these parameters, use the generic HTTP APIs. Once a parameter has been created with POST <baseurl>/generic/oauthparameters, it is linked to an OAuth client by its code under oAuthClientParameters. For example, the following OAuth client configuration links two custom parameters:

{
  "restClientId": "DataReplicationPersonEntities",
  "clientId": "AuthsDataReplicationPersonEntities",
  "tokenURI": "https://host:port/oauth2/v1/token",
  "scope": "urn:opc:idm:__myscopes__",
  "oAuthClientParameters": [
    {
      "oAuthParameter": {
        "code": "IDCS_GRANT_TYPE"
      }
    },
    {
      "oAuthParameter": {
        "code": "IDCS_ASSERTION"
      }
    }
  ]
}
As soon as at least one parameter is configured under oAuthClientParameters, the default parameter behavior is skipped completely: only the linked parameters are sent. Every parameter the OAuth server requires, including grant_type, must therefore be defined explicitly under oAuthClientParameters. A client that links only an additional parameter and omits grant_type sends an incomplete token request, which the OAuth server rejects.

If the OAuth server uses a different name for the standard assertion parameter, configure that name with the ohi.oauth.token.jwt.assertion.param.name property. The scope parameter is always configured at OAuth client level. All other parameters are created with POST /generic/oauthparameters and linked to the specific OAuth client.
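The following script assembles the token request body according to the rules above and checks it for the required parameters before it would be sent. It is an added example, not Oracle Health Insurance product code. It takes the grant_type values and the "custom parameters replace all defaults" rule from this page; it assumes that scope always comes from the client configuration and that the runtime assertion is always added under the name given by ohi.oauth.token.jwt.assertion.param.name. The HS256 signer, the IDCS_CLIENT_ID parameter and the client data are constructed for the example; a real assertion is signed with the client's private key, which the page does not describe.

```python
"""Assemble an OAuth token request body following the parameter rules above.

Added example, not Oracle Health Insurance code. Assumptions: scope always
comes from the client; the runtime assertion is always added under the
configured assertion parameter name; the HS256 signer and the registry
below are constructed stand-ins.
"""
import base64
import hashlib
import hmac
import json
import time
import uuid
from urllib.parse import urlencode

GRANT_TYPE_VALUES = {
    "ClientCredentials": "client_credentials",
    "AssertionJWTBearer": "urn:ietf:params:oauth:grant-type:jwt-bearer",
}

# Constructed registry, standing in for parameters created with
# POST <baseurl>/generic/oauthparameters. IDCS_CLIENT_ID is hypothetical.
OAUTH_PARAMETERS = {
    "IDCS_GRANT_TYPE": {
        "parameterName": "grant_type",
        "parameterValue": "urn:ietf:params:oauth:grant-type:jwt-bearer",
    },
    "IDCS_CLIENT_ID": {
        "parameterName": "client_id",
        "parameterValue": "AuthsDataReplicationPersonEntities",
    },
}


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def make_assertion(client, key, now=None):
    """Illustrative JWT bearer assertion. HS256 with a shared key is an
    assumption for the example; real deployments sign with a private key."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {
        "iss": client["clientId"],
        "sub": client["clientId"],
        "aud": client["tokenURI"],
        "iat": now,
        "exp": now + 300,          # short-lived, one assertion per request
        "jti": str(uuid.uuid4()),  # unique id so the server can reject replays
    }
    signing_input = ".".join(
        _b64url(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, claims)
    )
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def build_token_body(client, grant_type, registry=OAUTH_PARAMETERS,
                     assertion_param_name="assertion", signing_key=b"demo-key"):
    """Return the form parameters the token endpoint will receive."""
    body = {}
    linked = client.get("oAuthClientParameters") or []
    if linked:
        # Page rule: once one custom parameter is linked, the defaults are
        # skipped entirely and only the linked parameters are sent.
        for link in linked:
            entry = registry[link["oAuthParameter"]["code"]]
            body[entry["parameterName"]] = entry["parameterValue"]
    else:
        body["grant_type"] = GRANT_TYPE_VALUES[grant_type]
    body["scope"] = client["scope"]  # always from the client configuration
    if grant_type == "AssertionJWTBearer":  # generated at runtime for this grant only
        body[assertion_param_name] = make_assertion(client, signing_key)
    return body


def missing_required(body, grant_type, assertion_param_name="assertion"):
    """Parameters without which the token endpoint rejects the request; the
    mistake the 'defaults are skipped' rule makes easy to make."""
    required = ["grant_type"]
    if grant_type == "AssertionJWTBearer":
        required.append(assertion_param_name)
    return [name for name in required if name not in body]


def to_form(body):
    """Encode as application/x-www-form-urlencoded for the POST body."""
    return urlencode(body)


if __name__ == "__main__":
    client = {  # constructed, mirrors the client example above
        "clientId": "AuthsDataReplicationPersonEntities",
        "tokenURI": "https://host:port/oauth2/v1/token",
        "scope": "urn:opc:idm:__myscopes__",
        "oAuthClientParameters": [{"oAuthParameter": {"code": "IDCS_CLIENT_ID"}}],
    }
    body = build_token_body(client, "AssertionJWTBearer")
    print("missing:", missing_required(body, "AssertionJWTBearer"))  # grant_type
```

Linking only IDCS_CLIENT_ID, as in the main block, silently drops grant_type because the defaults no longer apply; adding IDCS_GRANT_TYPE to oAuthClientParameters makes missing_required return an empty list. Run the check against each client configuration before relying on it in a replication job.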