Learn About Authenticating an Application with Oracle Identity Cloud Service by Using the Python SDK

When you want to develop a Python web application that uses the Oracle Identity Cloud Service authentication mechanism, use the Python SDK. This SDK facilitates your work because it encapsulates all necessary REST API endpoint calls to authenticate users with Oracle Identity Cloud Service using OpenID connect flows.

Oracle Identity Cloud Service provides identity management, single sign-on (SSO), and identity governance for your applications. It also provides the security platform for Oracle Cloud, which lets you securely and easily access, develop, and deploy your applications. Oracle Identity Cloud Service can function as an identity provider, centralizing the authentication mechanism, handling all password management responsibilities, and providing SSO for your applications.

Instead of creating a Python web application from scratch, Oracle provides a sample application that you can integrate with Oracle Identity Cloud Service for authentication purposes. This application was developed using the Python's DJango web framework.

The sample Python web application consists of two types of content:

  • Pages that are publicly accessible

  • Private pages that verify the existence of an Oracle Identity Cloud Service user access token in the current user session with the application


The following architecture diagram illustrates how the Python web application uses the SDK library to perform a three-legged OpenID Connect authentication flow with Oracle Identity Cloud Service. This authentication flow is an OAuth 2.0 authorization flow based on the authorization code grant type. By using this grant type, the user must sign in to Oracle Identity Cloud Service. After the user is signed in, the user can access other applications that are protected by Oracle Identity Cloud Service without the need to reauthenticate.

Figure - Authorization Code Grant Type

Description of Figure - follows
Description of "Figure - Authorization Code Grant Type"

The authorization code grant type consists of the following steps:

  1. The user requests a protected URL.

  2. Oracle Identity Cloud Service displays the Sign In page.

  3. The user submits their login credentials.

  4. Oracle Identity Cloud Service issues an authorization code to the Python application.

  5. The Python application uses the SDK to exchange the authorization code for an access token.

  6. The Python application displays the content for the user.

The Python web application in this solution won’t be published to production and doesn’t follow best practices for the use of Python, such as data handling, patterns, and security. The only purpose of this sample application is to illustrate how to integrate Oracle Identity Cloud Service and a Python web application by using the SDK.

About Required Services and Roles

This solution requires Oracle Identity Cloud Service.

These are the roles needed for Oracle Identity Cloud Service.

Role Required to...
Security administrator Access the Downloads page of the Identity Cloud Service console. From this page, you can download the Node.js SDK.
Application administrator Manage applications in Oracle Identity Cloud Service. This includes registering the sample Node.js application with Oracle Identity Cloud Service.

See Learn how to get Oracle Cloud services for Oracle Solutions to get the Oracle Identity Cloud Service.