Creating an OAuth 2.0 Client

OAuth2 clients are registered with an Oracle Identity Cloud Service (IDCS) server, not with individual RDS environments. This is a key architectural point: the client is associated with the IDCS server, and the server governs access to all environments under its domain (for example, PROD, STG, UAT). You may have two IDCS servers, one for production and one for non-production environments. This distinction matters because a client registered with one IDCS server applies only to the environments that server secures.

As a result:

  • A single OAuth2 client can be used to obtain access tokens that are valid for any environment managed by the same IDCS server. It does not matter which Oracle Retail Home environment you use to create the client so long as the environment is secured by the correct IDCS server.

  • Any valid token issued by the IDCS server is accepted by the Credential Exchange Service across all environments secured by that server.

Note:

Only one OAuth2 client is required per IDCS server. There is no need to create separate clients for each environment.

This approach simplifies configuration and reduces operational overhead.