For authentication to work properly, you must use the same Oracle Identity Cloud Service instance that is securing your Oracle Fusion Applications Cloud Service and Oracle PaaS (Oracle Visual Builder) or custom HTML5 app. Within Oracle Identity Cloud Service you need to create a confidential application to use for the client authentication.
Within Oracle Identity Cloud Service, create a confidential application and ensure the client configuration is set up so that it enables the Client Credentials and JWT Assertion grants.
- Sign in to Oracle Cloud My Services, click Users, and then click Identity Console.
- Select the Applications tab, and click Add. Then click Confidential Application.
- On the Details page of the Add Confidential Application wizard, give the new application a name. If you want, you can set other values such as description, icon, display settings, and tags. Click Next.
- On the Client page, select Configure this application as a client now. Additional options appear on the page. Set them this way:
  - Allowed Grant Types: Select Resource Owner, Client Credentials and JWT Assertion.
  - Enable Allow non-HTTPS URLs.
  - You don't need a redirect URL for this use case.
  - Client Type: Leave the Confidential option selected.
  - Within the Token Issuance Policy section, add resources from Oracle Fusion Applications Cloud Service by clicking the + Add Scope button. Then select resources within the section corresponding to your Oracle Fusion Applications Cloud Service instance.
  - You don't need to grant access to admin APIs.
- Click Next to go to the Resources page, then click Next again to go to the Authorization page.
- On the Authorization page, click Finish. The Application Added notification appears, with your Client ID and Client Secret. Note these down for use later. When you dismiss the notification, the application is shown.
- Click the Activate button to the right of the application name.
If you have a tool such as Postman, you can test that the application is working. Create a dummy REST request, configure it to be secured by OAuth 2.0, and then request an authentication token using Postman's built-in “get new access token” functionality. The grant type to use within Postman is Password Credentials, and you need to supply the Oracle Visual Builder client username and password. In a production environment you would instead use Client Credentials, where the client provides the user information.
The access token URL is formed by taking the Oracle Identity Cloud Service host URL and appending /oauth2/v1/token. For example, https://<your identity cloud hostname.identity.oraclecloud.com>/oauth2/v1/token.
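The token request from the Postman test can also be built in a script, which makes the URL, client authentication and form fields explicit. This is an added example, not Oracle's code: it assumes the client authenticates with HTTP Basic using the Client ID and Client Secret and that the scope is the one added under Token Issuance Policy; the host name, credentials and scope shown are constructed placeholders.

```python
import base64
import json
import urllib.parse
import urllib.request

TOKEN_PATH = "/oauth2/v1/token"  # path given on this page


def token_url(idcs_host_url):
    """Append the token path to the Identity Cloud Service host URL."""
    parts = urllib.parse.urlsplit(idcs_host_url)
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError("expected an https:// host URL")
    return f"https://{parts.netloc}{TOKEN_PATH}"


def build_token_request(host_url, client_id, client_secret, scope,
                        username=None, password=None):
    """Password grant when a user is given (the Postman test), otherwise
    client credentials. Assumes HTTP Basic client authentication."""
    if (username is None) != (password is None):
        raise ValueError("supply both username and password, or neither")
    form = {"grant_type": "client_credentials", "scope": scope}
    if username is not None:
        form.update(grant_type="password", username=username, password=password)
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    return urllib.request.Request(
        token_url(host_url),
        data=urllib.parse.urlencode(form).encode(),
        headers={"Authorization": f"Basic {basic}",
                 "Content-Type": "application/x-www-form-urlencoded"},
        method="POST")


def parse_token_response(body):
    """Return (access_token, expires_in) or raise on an OAuth error reply."""
    doc = json.loads(body)
    if "error" in doc:
        raise RuntimeError(f"{doc['error']}: {doc.get('error_description', '')}")
    if str(doc.get("token_type", "")).lower() != "bearer" or not doc.get("access_token"):
        raise RuntimeError("no bearer access token in response")
    return doc["access_token"], int(doc.get("expires_in", 0))


if __name__ == "__main__":
    # Constructed placeholder values; substitute your own host, client and scope.
    req = build_token_request("https://idcs-example.identity.oraclecloud.com",
                              "CLIENT_ID", "CLIENT_SECRET", "SCOPE_PLACEHOLDER",
                              "vb.user@example.com", "USER_PASSWORD")
    print(req.get_method(), req.full_url)
    # To send it: urllib.request.urlopen(req).read(), then parse_token_response().
```

Read the Client ID and Client Secret from a secret store or environment variables when you use this, not from the script itself.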