69 Manage External Application Access

Purpose: Use the Manage External Application Access page to create, review, and work with external applications that integrate with Order Administration using OAuth, and define the web services that use OAuth authentication for inbound web service requests to Order Administration.

About OAuth: OAuth enables web service communication between applications using a token provided by IDCS or OCI IAM rather than a password, providing greater security. The requesting application first passes its:

  • Client ID: Similar to a user ID in that it identifies a client application to the authentication service, in this case IDCS or OCI IAM. You can create client IDs through the Manage External Application Access page, in IDCS or OCI IAM, or through other applications, such as Customer Engagement.
  • Client secret: A secure code that IDCS or OCI IAM creates for a client application, and that the client application passes to IDCS or OCI IAM for authentication. The client secret should be known only to the requesting application and to IDCS or OCI IAM.

When IDCS or OCI IAM receives the valid client ID and client secret, it then provides the token to the requesting application. The requesting application can then include the token in the web service request to the destination system, which validates the token with IDCS or OCI IAM.

For example, if your ecommerce system will communicate with Order Administration using OAuth, you can use this page to:

  • Create a client ID and secret, which you can then provide to the ecommerce system.
  • Create the associated web service authentication records for the ecommerce system.

With OAuth authentication:

  • The requesting system first passes a client ID and a client secret to an authenticating service, such as IDCS or OCI IAM.

  • The authenticating service, such as IDCS or OCI IAM, generates a short-lived token.
  • The requesting system submits the token to the destination system, rather than a password and user ID as with basic authentication.
  • The destination system validates the token and client ID.

The following is required in order to support OAuth with Omnichannel products:

  • The IDCS or OCI IAM client ID and client secret for the integrating system must be created through an Omnichannel cloud service, if it does not already exist.
  • The system receiving the web service request needs to have a record of the client ID with assigned access for the web service API.
  • A system sending the web service request needs to be able to request the token from IDCS or OCI IAM.
  • The system sending the web service request needs to include the token so the system receiving the web service request can validate the request.
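The exchange described above, as an added example that is not Oracle's code: a small offline simulation in which the destination accepts a request only if the token is valid and unexpired and the client ID has an access record for the requested web service. The class names, the 300-second token lifetime, and the sample client ID are assumptions made for illustration.

```python
import secrets
import time

class AuthService:
    """Stand-in for IDCS or OCI IAM (hypothetical class, not Oracle's API)."""
    def __init__(self, token_ttl=300):
        self.token_ttl = token_ttl   # seconds; keeps tokens short-lived
        self.clients = {}            # client_id -> client_secret
        self.tokens = {}             # token -> (client_id, expires_at)

    def register(self, client_id):
        self.clients[client_id] = secrets.token_urlsafe(32)
        return self.clients[client_id]

    def issue_token(self, client_id, client_secret, now=None):
        now = time.time() if now is None else now
        known = self.clients.get(client_id)
        # Constant-time comparison so the check does not leak secret prefixes.
        if known is None or not secrets.compare_digest(known, client_secret):
            return None
        token = secrets.token_urlsafe(32)
        self.tokens[token] = (client_id, now + self.token_ttl)
        return token

    def validate(self, token, now=None):
        now = time.time() if now is None else now
        client_id, expires_at = self.tokens.get(token, (None, 0))
        return client_id if now < expires_at else None

class Destination:
    """Stand-in for the receiving system and its web service access records."""
    def __init__(self, auth, access):
        self.auth = auth
        self.access = access         # client_id -> set of web service names

    def handle(self, service, token, now=None):
        client_id = self.auth.validate(token, now)
        if client_id is None:
            return False, "token invalid or expired"
        if service not in self.access.get(client_id, set()):
            return False, "no access record for " + service
        return True, "accepted for " + client_id

if __name__ == "__main__":
    auth = AuthService()
    cid = "RGBU_OMCS_A1B2C3D4_APPID"   # constructed sample client ID
    dest = Destination(auth, {cid: {"CWOrderIn"}})
    token = auth.issue_token(cid, auth.register(cid))
    print(dest.handle("CWOrderIn", token), dest.handle("CWCustomer", token))
```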

About store locations and XOffice OnPrem: The XOffice OnPrem application differs from other applications in that it serves as the parent for any related store locations. Any store locations that are assigned a parent ID are not displayed at this page; instead, you configure external access for XOffice OnPrem, and this “parent” handles authentication for all related store locations.

When authentication is required for a request originating from any location associated with the XOffice OnPrem parent ID, the parent ID’s authentication credentials are used.

Example: XOffice OnPrem is the parent for location A.

For more information: See the Oracle Retail Omnichannel Web Service Authentication Configuration Guide on My Oracle Support (2728265.1) for web service authentication configuration instructions.

Note:

This option is delivered with the default SYSADMIN menu but is currently used only for Order Administration Cloud Service, so authority to the option is not normally required by any users.

How to display: Select Manage External Application Access from a menu.

Note:

ALLOW authority to the MEAA menu option is required for access to this page.

For more information:

Manage External Application Access Options

Purpose: The options at the Manage External Application Access page are described below.

Troubleshooting: Options at this page that require communication with IDCS or OCI IAM, including generating a new client, regenerating the secret for a client, and refreshing the displayed applications, will fail if the administrative properties listed above are not set correctly. See Work with Admin Properties in the Classic View online help for more information on setting up these properties, or contact your Oracle representative for more help.

For more information:

Also, see the Oracle Retail Omnichannel Web Service Authentication Configuration Guide on My Oracle Support (2728265.1) for web service authentication configuration instructions.

Options at this page:

Filter the Displayed External Application Access Options

To filter the displayed records: Enter any string of characters in the Filter field and press Enter to restrict the displayed records to those that:

  • Contain your entry in the description or client ID of the external application, or
  • Have web service authentication records for a web service matching your entry; for instance, enter cwc or CWC to display applications with web service authentication records for the CWCustomer web service.

The filter is not case-sensitive.

Filter on more than one string of characters: You can also enter an additional string of characters in the Filter field and press Enter to restrict the displayed records to those that contain all entered search criteria.

Example: Enter new and press Enter to display external application records whose descriptions contain the word or string new. Enter demo and press Enter to display external application records that contain both the word or string new and the word or string demo.

You can remove any search criteria by clicking the X to the right of the search term. The page updates the filtered results immediately.

Sorting: You can also click on a column heading to sort the results in ascending or descending order based on the selected column.

Note:

External applications that were generated through Customer Engagement Cloud Services have a blank Application Description. Search for them by using the Client ID.

Generate a New Client

About generating new clients: Typically, you would use the Manage External Application Access page to:

  • Generate a new client for the XOffice On Premises application and assign web service access.
  • Generate a new client for another application and assign web service access.

Before you start: Before beginning the generation steps, you would typically select the Refresh option to confirm that the required client applications were not already created. See Refresh the Displayed Applications.

If the required client applications are not displayed after you select Refresh, follow the steps below to create them.

Generation steps: Select the Generate Client option to advance to the Generate Application Client window.

At this window, specify the Application Details:

  • Application Type: Can be either:
      • XOffice On Prem: Select this option only if the application does not integrate directly with IDCS or OCI IAM.
      • External: Select this option if the application integrates with IDCS or OCI IAM.

    Selecting an Application Type is required.

  • Application Description: Enter a brief description of the application. This is the Description in IDCS or OCI IAM, and is informational. If you require multiple environments, such as one for production and one for UAT, you can include this information in the application description. Alphanumeric, 50 positions; required.
  • Environment: If the Application Type is XOffice On Prem, specify the type of environment, such as PROD or TEST. Your entry is converted to upper case, and no spaces or special characters are allowed. Required if the Application Type is XOffice On Prem; otherwise, if you set the Application Type to External, this field is not enterable and is not used. Informational.

Click Generate to generate the new client and submit it to IDCS or OCI IAM; otherwise, click the X in the top right to close the window without generating the client.

If you click Generate, the window displays:

  • The new generated Client ID, and a link to copy the Client ID to the clipboard.
  • A link to copy the generated Client Secret to the clipboard.

You can copy and paste the new client ID and the new client secret if you need to share the information for an application that is not integrated with IDCS or OCI IAM, so that application can use the secret for OAuth authentication.

The window displays an error if it cannot create the client, such as if the client ID already exists, or if communication with IDCS or OCI IAM fails. See Manage External Application Access for information on the properties used for communication with IDCS or OCI IAM.

Click Done to close the window, and click OK at the confirmation window to confirm.

Generated client ID:

  • When the Application Type is XOffice On Prem, the generated client ID is RGBU_XTROFFOP_<ENV>_XOFFICE_APPID, where <ENV> is the specified Environment.
  • When the Application Type is External, the generated client ID is RGBU_OMCS_<RANDOM>_APPID, where <RANDOM> is a random string of 8 characters.

Define web service access: After creating the client, you need to define web service access. See Edit Web Service Access for an Application.

For more information: See Manage External Application Access for background.

Edit Web Service Access for an Application

To edit access: To create, change, or review web service authentication user records for the external application, highlight a record and select Edit Access from the right-hand Actions column. The Web Services for window opens.

Select or deselect any of the listed web services. The standard Order Administration web service options are:

  • CWCustomer
  • CWEmailRequest
  • CWMessageIn
  • CWOrderIn
  • CWPickIn
  • CWReceiptIn
  • CWServiceIn
  • JMSQueue
  • JobStatistics
  • PrivateDataRequest
  • ProcessIn
  • Storage

For more information: See the Classic View online help for information on each of these web services.

Click OK to update the web service access; otherwise, click Cancel.

Create web service access: Once created, the inbound web service records are listed in the Web Service Access column at the Manage External Application Access page, and are also displayed at the Work with Inbound Web Service Authentication Users through the Work with Web Service Authentication (WWSA) menu option, with the User set to the Client ID. The client ID can now be used for OAuth authentication for that web service.

Delete web service access: If you delete the web service option, the inbound web service authentication record is deleted, is no longer displayed at the Work with Inbound Web Service Authentication Users through the Work with Web Service Authentication (WWSA) menu option, and can no longer be used for authentication for that web service.

Typical required access: The following web service access is typically required:

  • XOffice On Prem: Requires CWOrderIn, CWServiceIn, and CWMessageIn.
  • Ecommerce application: Requires CWOrderIn.
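A least-privilege review built on the generated client ID formats and the typical required access listed above, as an added example that is not part of the Oracle documentation. The record layout, the per-client baseline, and all sample values are constructed; the page does not state the character set of <RANDOM>, so any 8 non-space characters are accepted.

```python
import re

# Standard web service options and typical XOffice access, as listed on the page.
STANDARD_SERVICES = {
    "CWCustomer", "CWEmailRequest", "CWMessageIn", "CWOrderIn", "CWPickIn",
    "CWReceiptIn", "CWServiceIn", "JMSQueue", "JobStatistics",
    "PrivateDataRequest", "ProcessIn", "Storage",
}
XOFFICE_TYPICAL = {"CWOrderIn", "CWServiceIn", "CWMessageIn"}

# <ENV> is upper case with no spaces or special characters.
XOFFICE_RE = re.compile(r"RGBU_XTROFFOP_([A-Z0-9]+)_XOFFICE_APPID")
OMCS_RE = re.compile(r"RGBU_OMCS_\S{8}_APPID")   # <RANDOM> charset assumed

def classify(client_id):
    """Return the origin implied by the client ID format."""
    if XOFFICE_RE.fullmatch(client_id):
        return "xoffice-onprem"
    if OMCS_RE.fullmatch(client_id):
        return "omnichannel"
    return "idcs-or-other"

def audit(records, baseline):
    """records: [(client_id, services)]; baseline: client_id -> expected set.
    Returns (client_id, finding) tuples for access that deviates."""
    findings = []
    for client_id, services in records:
        services = set(services)
        origin = classify(client_id)
        expected = (XOFFICE_TYPICAL if origin == "xoffice-onprem"
                    else baseline.get(client_id))
        if expected is None:
            findings.append((client_id, "no baseline declared (" + origin + ")"))
            continue
        for svc in sorted(services - expected):
            kind = "extra access" if svc in STANDARD_SERVICES else "unrecognized service"
            findings.append((client_id, kind + ": " + svc))
        for svc in sorted(expected - services):
            findings.append((client_id, "missing access: " + svc))
    return findings

# Constructed sample data; the baseline entry models an ecommerce application.
SAMPLE = [
    ("RGBU_XTROFFOP_PROD_XOFFICE_APPID", ["CWOrderIn", "CWServiceIn", "CWMessageIn"]),
    ("RGBU_OMCS_A1B2C3D4_APPID", ["CWOrderIn", "PrivateDataRequest"]),
    ("RGBU_XTROFFOP_TEST_XOFFICE_APPID", ["CWOrderIn"]),
    ("k3jf92hd0s", ["CWCustomer"]),
]
BASELINE = {"RGBU_OMCS_A1B2C3D4_APPID": {"CWOrderIn"}}
```

Calling audit(SAMPLE, BASELINE) returns one finding per deviation, which makes grants beyond the typical set easy to spot before they are left in place.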

Refresh the Displayed Applications

To refresh: Click Refresh to update the list of currently existing application clients from IDCS or OCI IAM:

  • If any additional application clients are found in IDCS or OCI IAM that did not previously have records in Order Administration, these application client records are created in the Order Administration database.
  • If any application clients that previously existed in Order Administration have been deleted from IDCS or OCI IAM, they are deleted from Order Administration, and the web service authentication user records are also removed from Web Service Authentication (WWSA).

Example: When you click Refresh, the updated list of clients might include clients created through another application, such as Customer Engagement.

Note:

When additional store locations have been created for XOffice On Prem, using the Refresh option creates the records in the Order Administration database; however, these records are not displayed at the Manage External Application Access page because they are assigned to XOffice On Prem as their parent ID. The Manage External Application Access page does not display any records whose parent ID is populated.

Regenerate the Secret for a Client

To regenerate: Highlight a record and select Regenerate Secret from the right-hand Actions column. This option is available only if:

  • The application record was created in Order Administration, and
  • The selected Application Type is External.

The Regenerate Application Client Secret window displays the following information:

  • The selected Client ID.
  • The Application Description.
  • The Application Type (External).
  • The Environment, such as QA or PROD, if specified when the application was created.

All fields are display-only.

About the client secret: The client secret is a secure code that IDCS or OCI IAM creates for a client application, and that the client application passes to IDCS or OCI IAM for authentication. The client secret should be known only to the requesting application and to IDCS or OCI IAM.

You can close the window by clicking the X in the upper right.

If you click Regenerate Secret, the Confirm Client Secret Regeneration window opens.

Click OK to regenerate the secret. The window displays:

  • The new Client ID, and a link to copy the new client ID to the clipboard.
  • A link to copy the new client secret to the clipboard.

You can copy and paste the new Client ID and the new client secret if you need to share the information for an application that is not integrated with IDCS or OCI IAM, and needs to use the client ID and client secret for OAuth authentication.

Use caution when regenerating the secret, since this option actually deletes the application client in IDCS or OCI IAM and regenerates it.

The window displays an error if it cannot regenerate the secret, such as if communication with IDCS or OCI IAM fails. See Manage External Application Access for information on the properties used for communication with IDCS.

For more information: See Manage External Application Access for background.

Fields on Manage External Application Access

Purpose: The following information is on the Manage External Application Access page.

  • Application Description: The description of the application created for web service authentication. This is the Description in IDCS or OCI IAM. Alphanumeric, 50 positions. Display-only.

    Note:

    External applications that were generated through Customer Engagement Cloud Services have a blank application description.

  • Client ID: Uniquely identifies the client in IDCS or OCI IAM:
      • If the Application Type is XOffice OnPrem, the client ID is RGBU_XTROFFOP_<ENV>_XOFFICE_APPID, where <ENV> is the environment, such as PROD for production.
      • If the application record was created through Order Administration or another Omnichannel Application, the client ID is formatted as RGBU_OMCS_<RANDOM>_APPID, where OMCS identifies the application, and <RANDOM> is a series of 8 random characters.
      • Otherwise, if the application record was created in IDCS or OCI IAM, the client ID is a series of random characters.

    This is the Name in IDCS or OCI IAM. Note that the Display Name in IDCS or OCI IAM is the Client ID without the _APPID suffix.

    Alphanumeric, 255 positions. Display-only.

    Note:

    The client ID is similar to a user ID in that it identifies a client application to the authentication service, in this case IDCS or OCI IAM. You can create client IDs through the Manage External Application Access page, in IDCS or OCI IAM, or through other applications, such as Customer Engagement.

  • Web Service Access: The Order Administration inbound web services for which the application is defined as a user. You can use the Edit Access option at the Manage External Application Access page to create, delete, or review the inbound web services for which the application is defined as a user for authentication purposes.
  • Date Generated: The date when the application record was created or regenerated in Order Administration, including when the record was received from IDCS or OCI IAM, or generated during the creation of a new record through Xstore On Premises authentication. Display-only.

XOffice on premises and the parent ID: The page displays records only if they are not associated in IDCS or OCI IAM with a parent ID. If you use XOffice on premises, each store location record in IDCS or OCI IAM is associated with the XOffice on premises application as its parent ID. Because there can be many store locations associated with the parent application record, the Manage External Application Access page displays just the XOffice rather than the individual store locations.

For more information: