Learn About Integrating a Web Application with Oracle Identity Cloud Service

One way to integrate your web application with Oracle Identity Cloud Service for authentication purposes is through industry-standard protocols and layers, such as OAuth 2.0 and OpenID Connect 1.0.

Most modern web application development frameworks support OpenID Connect 1.0 integration with OpenID Connect providers through out-of-the-box modules or libraries. This solution uses a Java Web application called Customer Quotes. Customer Quotes sends and receives HTTP requests to Oracle Identity Cloud Service REST API endpoints to acquire an identity token and an access token.

About OAuth 2.0 and OpenID 1.0 Connect

You can use OAuth 2.0 and OpenID Connect to integrate Oracle Identity Cloud Service with a custom application.

Oracle Identity Cloud Service supports the following protocols for federated single sign-on (SSO) and authorization integration with custom web applications:
  • OAuth 2.0: An authorization protocol, commonly used for third-party authorization requests.

  • OpenID Connect 1.0: OpenID Connect 1.0 is a simple identity layer on top of the OAuth 2.0 protocol.

Using the standard protocols, you can:

  • Develop a web application by using OAuth 2.0 and OpenID Connect 1.0 third-party libraries and frameworks.

  • Federate SSO between custom web applications and Oracle Identity Cloud Service. Users can sign in once to access all integrated applications. Oracle Identity Cloud Service performs authentication and credentials validation.

  • Authorize access to operations on third-party servers. After the user signs in and Oracle Identity Cloud Service issues a user access token, the web application can use the access token to make calls to Oracle Identity Cloud Service to request the relevant user content.

Architecture

Your web application can integrate the with Oracle Identity Cloud Service using the OpenID Connect 1.0 protocol.

For demonstration purposes, this solution uses the Customer Quotes application. This illustration shows how an example Customer Quotes application integrates with Oracle Identity Cloud Service by using the OpenID Connect 1.0 protocol.

The following illustration shows how an example Customer Quotes application integrates with Oracle Identity Cloud Service by using the OpenID Connect 1.0 protocol. For security purposes, use three-legged flows to integrate your web application with Oracle Identity Cloud Service for authentication.

The example Customer Quotes integration consists of the following steps:

  1. The user requests a protected URL.

  2. Oracle Identity Cloud Service displays the Sign-In page.

  3. The user submits their login credentials.

  4. Oracle Identity Cloud Service issues an authorization code to the example Customer Quotes application.

  5. The example Customer Quotes application calls the Oracle Identity Cloud Service REST API endpoint to exchange the authorization code for a user access token.

  6. The example Customer Quotes application displays content for the user.

About Required Services, Products, and Roles

This solution requires the following services and products:

  • Oracle Identity Cloud Service

  • Customer Quotes Application

  • NetBeans IDE 8.1

  • Java SDK

After Oracle Identity Cloud Service validates the user's sign-in credentials, the user’s web browser is redirected to the Customer Quotes application, and the application receives an authorization code. Use the Customer Quotes application to communicate with Oracle Identity Cloud Service to exchange an authorization code for a user access token that allows the application to display the relevant user content.

These are the roles needed for Oracle Identity Cloud Service.

Role... Required to...
Identity Domain Administrator, Security Administrator, or Application Administrator Configure and activate web applications in Oracle Identity Cloud Service.

See Learn how to get Oracle Cloud services for Oracle Solutions to get the cloud services you need.