Authentication

Oracle Access Manager (OAM) uses a certificate authority (CA) certificate, issued by Verisign, to enable clients to connect securely to the server.

The OAM OAuth REST API supports authentication via the Authorization header to enforce access controls on web resources.

The authentication types the API supports are governed by the OWSM policy in use. OAM supports oracle/multi-token-rest-service-policy, which accepts the following authentication types:

  • HTTP Basic Auth

  • SAML 2.0 Bearer token in HTTP header

  • HTTP OAM security

  • JWT token in HTTP header

If you access OAM OAuth REST resources over HTTPS, you must provide the following information for authentication:
  • An SSL certificate authority (CA) certificate file or bundle to authenticate against the Verisign CA certificate.

  • User name and password for your OAM account.

For example, to authenticate using cURL:

  • Set the cURL environment variable, CURL_CA_BUNDLE, to the location of your local CA certificate bundle. For information about CA certificate verification using cURL, see: http://curl.haxx.se/docs/sslcerts.html.

  • Pass the user name and password for your OAM account using the -u cURL option.

The following is the syntax of the cURL command:

curl -i -X GET -u <username>:<password> -H <request-header>:<value> https://<subdomain>.<domain>.com:<port>/<resource-path>

The following provides an example cURL command:

curl -X POST -u username:password -d @post.json https://pseudo.com/oam/services/api/v1/users
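
The two cURL steps above can be wrapped in a pre-flight check that confirms the CA bundle and HTTPS URL before any credentials are sent. This is an added example, not Oracle's code: the function names oam_preflight and oam_curl and the OAM_USER / OAM_PASSWORD variables are assumptions. The credentials are passed to cURL on standard input with its -K option, rather than with -u on the command line, so the password does not appear in the process list.

```shell
# Added example: oam_preflight, oam_curl, OAM_USER and OAM_PASSWORD are
# hypothetical names chosen for this sketch, not part of OAM or cURL.
oam_preflight() {
  [ "$#" -ge 1 ] || { echo "usage: oam_preflight <url> [curl options]" >&2; return 1; }
  url=$1; shift
  # Credentials travel in the Authorization header, so require HTTPS.
  case $url in
    https://*) ;;
    *) echo "refusing non-HTTPS URL: $url" >&2; return 2 ;;
  esac
  # CURL_CA_BUNDLE must point at a readable PEM bundle.
  if [ -z "${CURL_CA_BUNDLE:-}" ] || [ ! -r "$CURL_CA_BUNDLE" ]; then
    echo "CURL_CA_BUNDLE is unset or unreadable" >&2; return 3
  fi
  if ! grep -q -- '-----BEGIN CERTIFICATE-----' "$CURL_CA_BUNDLE"; then
    echo "CURL_CA_BUNDLE contains no PEM certificate" >&2; return 4
  fi
  # Reject the stand-alone options that switch certificate verification off.
  for arg in "$@"; do
    case $arg in
      -k|--insecure) echo "refusing $arg" >&2; return 5 ;;
    esac
  done
  return 0
}

# Send the request. user:password reaches cURL as a config line on stdin
# (-K -), so it is not visible in argv the way a -u argument would be.
oam_curl() {
  oam_preflight "$@" || return $?
  url=$1; shift
  # Escape backslashes and double quotes for cURL's quoted config syntax.
  cred=$(printf '%s:%s' "$OAM_USER" "$OAM_PASSWORD" | sed 's/[\\"]/\\&/g')
  printf 'user = "%s"\n' "$cred" | curl -sS -K - "$@" "$url"
}

# Usage, with the page's example request:
#   export CURL_CA_BUNDLE=/path/to/ca-bundle.pem
#   oam_curl https://pseudo.com/oam/services/api/v1/users -X POST -d @post.json
```

Because standard input carries the credentials, request bodies must come from a file (-d @post.json) rather than from -d @-.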