About Authentication Strategies for Oracle Mobile Hub Applications

In Oracle Mobile Hub, all resources are secured and can only be accessed by authenticated users that are authorized to access those resources. You can enable one or more authentication methods in the mobile backend and then write application code to use one of these methods.

For the purposes of authenticating with other Oracle Cloud SaaS services, the most important available authentication methods are Enterprise Single Sign-On (SSO) and OAuth Consumer. When deciding how to set up your authentication, you should also give some thought to securing cross-origin resource sharing (CORS) for access to Oracle Mobile Hub APIs.

About Enterprise Single Sign-On in Oracle Mobile Hub

If you want to use another Oracle Cloud service as the identity provider to authenticate users of your apps, you can enable Oracle Cloud’s single sign-on (SSO) capability to connect with that identity provider and then configure your mobile backends to use it. This is particularly useful if you're rolling out apps for your company’s employees and you want them to be able to sign in to the apps using their existing Oracle Cloud or company employee login credentials.

You can set up Enterprise SSO in Oracle Mobile Hub to work in either of the following ways:

  • Browser-based SSO through Oracle Mobile Hub. The app opens the Oracle Mobile Hub SSO URL in a browser and, after a series of redirects, displays the login screen of the remote identity provider. After the user successfully enters their credentials, the user receives an OAuth token, which you include as a bearer token on each subsequent Oracle Mobile Hub API call.
  • Third-party SAML and JWT tokens. The app obtains a token from a trusted third-party issuer, makes an API call to the Oracle Mobile Hub token exchange endpoint, and receives an issued token, which you include as a bearer token on each subsequent Oracle Mobile Hub API call.

About OAuth Consumer Authentication in Oracle Mobile Hub

For every custom API in Oracle Mobile Hub, you decide whether or not authentication is required. This determines which OAuth flow is used. For authenticated access, use the Resource Owner Password Credentials Grant. For unauthenticated access, use the Client Credentials Grant.

OAuth 2.0 is explicitly designed with REST in mind. It supports a variety of different client types that access REST APIs, including mobile apps. Secured APIs are made available only after a mobile app presents a valid OAuth access token.

The Oracle Mobile Hub implementation of OAuth enables Oracle Mobile Hub to manage permissions and grant applications access to services without requiring a separate login for each individual service. Credentials are issued for each mobile backend. Each mobile app registered with the mobile backend uses those credentials to authenticate with any API associated with that mobile backend.
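As an added illustration (not code from the Oracle documentation or the Mobile Hub SDK), the following Python shows a client choosing between the two grants described above according to whether the API requires authentication, sending the mobile backend's issued credentials as HTTP Basic auth, and turning the token response into the bearer header used on subsequent API calls. The token endpoint URL, client ID, client secret and user credentials are assumed placeholders.

```python
import base64
import json
from urllib.parse import urlencode

# Placeholder: the real token endpoint and the client credentials issued for
# the mobile backend are taken from the Oracle Mobile Hub console.
TOKEN_ENDPOINT = "https://<mobile-hub-host>/oauth2/v1/token"


def build_token_request(api_requires_auth, client_id, client_secret,
                        username=None, password=None):
    """Return (headers, body) for the token request matching the API's
    authentication setting: Resource Owner Password Credentials grant when
    the API requires a signed-in user, Client Credentials grant otherwise.
    The mobile backend's credentials go in HTTP Basic auth, not the URL."""
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    headers = {
        "Authorization": f"Basic {basic}",
        "Content-Type": "application/x-www-form-urlencoded",
    }
    if api_requires_auth:
        if not (username and password):
            raise ValueError("user credentials required for password grant")
        body = {"grant_type": "password",
                "username": username, "password": password}
    else:
        body = {"grant_type": "client_credentials"}
    return headers, urlencode(body)


def bearer_header(token_response_json, now, issued_at):
    """Turn the token endpoint's JSON response into the Authorization header
    for API calls, rejecting non-bearer or already expired tokens so the
    client requests a fresh token instead of sending a stale one."""
    resp = json.loads(token_response_json)
    if resp.get("token_type", "").lower() != "bearer":
        raise ValueError("unexpected token_type: %r" % resp.get("token_type"))
    if now >= issued_at + int(resp.get("expires_in", 0)):
        raise ValueError("access token expired; request a new one")
    return {"Authorization": f"Bearer {resp['access_token']}"}
```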

Before a mobile application can access Oracle Mobile Hub APIs, it must first register with the Oracle Mobile Hub OAuth server. The registration is typically a one-time task and can be done when the mobile backend is created. Once registered, the registration remains valid unless it's revoked.