Learn About Integrating a Web Application with Oracle Identity Cloud Service
One way to integrate your web application with Oracle Identity Cloud Service for authentication purposes is through industry-standard protocols and layers, such as OAuth 2.0 and OpenID Connect 1.0.
Most modern web application development frameworks support OpenID Connect 1.0 integration with OpenID Connect providers through out-of-the-box modules or libraries. This solution uses a Java Web application called Customer Quotes. Customer Quotes sends and receives HTTP requests to Oracle Identity Cloud Service REST API endpoints to acquire an identity token and an access token.
About OAuth 2.0 and OpenID 1.0 Connect
You can use OAuth 2.0 and OpenID Connect to integrate Oracle Identity Cloud Service with a custom application.
-
OAuth 2.0: An authorization protocol, commonly used for third-party authorization requests.
-
OpenID Connect 1.0: OpenID Connect 1.0 is a simple identity layer on top of the OAuth 2.0 protocol.
Using the standard protocols, you can:
-
Develop a web application by using OAuth 2.0 and OpenID Connect 1.0 third-party libraries and frameworks.
-
Federate SSO between custom web applications and Oracle Identity Cloud Service. Users can sign in once to access all integrated applications. Oracle Identity Cloud Service performs authentication and credentials validation.
-
Authorize access to operations on third-party servers. After the user signs in and Oracle Identity Cloud Service issues a user access token, the web application can use the access token to make calls to Oracle Identity Cloud Service to request the relevant user content.
Architecture
Your web application can integrate the with Oracle Identity Cloud Service using the OpenID Connect 1.0 protocol.
For demonstration purposes, this solution uses the Customer Quotes application. This illustration shows how an example Customer Quotes application integrates with Oracle Identity Cloud Service by using the OpenID Connect 1.0 protocol.
The example Customer Quotes integration consists of the following steps:
-
The user requests a protected URL.
-
Oracle Identity Cloud Service displays the Sign-In page.
-
The user submits their login credentials.
-
Oracle Identity Cloud Service issues an authorization code to the example Customer Quotes application.
-
The example Customer Quotes application calls the Oracle Identity Cloud Service REST API endpoint to exchange the authorization code for a user access token.
-
The example Customer Quotes application displays content for the user.
About Required Services, Products, and Roles
This solution requires the following services and products:
-
Oracle Identity Cloud Service
-
Customer Quotes Application
-
NetBeans IDE 8.1
-
Java SDK
After Oracle Identity Cloud Service validates the user's sign-in credentials, the user’s web browser is redirected to the Customer Quotes application, and the application receives an authorization code. Use the Customer Quotes application to communicate with Oracle Identity Cloud Service to exchange an authorization code for a user access token that allows the application to display the relevant user content.
These are the roles needed for Oracle Identity Cloud Service.
| Role | Required to... |
|---|---|
Identity Domain Administrator, Security Administrator, or Application Administrator |
Configure and activate web applications in Oracle Identity Cloud Service. |
See Oracle Products, Solutions, and Services to get what you need.