1. Use Oracle Identity Cloud Service SDKs for application authentication
  2. Learn About Authentication Between Web Applications and Oracle Identity Cloud Service

Learn About Authentication Between Web Applications and Oracle Identity Cloud Service

You’re ready to learn about the following:

  • When to use Oracle Identity Cloud Service SDKs

  • How these SDKs work

  • What you should know, have, or use before using the SDKs

  • Whether to use the Java, Node.js, or Python SDK

When to Use Oracle Identity Cloud Service SDKs

Suppose you want to develop Java, Node.js, or Python web applications, and deploy these applications to either an on-premises server or a cloud-based platform service, such as Oracle Application Container Cloud Service. You want Oracle Identity Cloud Service to handle the authentication responsibilities for your web applications. You can do this by using Oracle Identity Cloud Service SDKs.

These SDKs have been tested by Oracle. The SDKs wrap all REST API endpoint calls that need to be made by the applications to authenticate users with Oracle Identity Cloud Service.

Other advantages of using SDKs include:

  • Streamlining the communication between your web applications and Oracle Identity Cloud Service

  • Simplifying how your web applications exchange authorization codes for user access tokens to identify registered users in Oracle Identity Cloud Service

  • Enabling your users to access your web applications through SSO provided by Oracle Identity Cloud Service

Understand how Oracle Identity Cloud Service SDKs Work

The Java SDK is a collection of classes and methods, and the Node.js and Python SDKs contain files and functions. These collections are assembled as libraries and frameworks. All you have to do is include the SDK library or framework in your application's project, and then compile and deploy the application to an application server or container.

Before using the SDK, you must register your application as a trusted application in Oracle Identity Cloud Service. Oracle Identity Cloud Service generates a Client ID and Client Secret for your application. The Client ID and Client Secret are equivalent to a credential (for example, an ID and password) that the SDK uses to communicate with Oracle Identity Cloud Service.

To communicate with Oracle Identity Cloud Service, the SDK also requires other details, such as:

  • Audience service URL: The URL of your Oracle Identity Cloud Service instance (for example, https://idcs-abc123456789.identity.oraclecloud.com)

  • Scope: The access that your application needs when communicating with Oracle Identity Cloud Service to authenticate users (for example, openid)

  • Redirect URL: The application's callback URL, which is used by Oracle Identity Cloud Service to redirect the web browser to the user after the user signs in (for example, http://localhost/callback)

Before You Begin

The Oracle Identity Cloud Service Java, Node.js, and Python SDKs use third-party libraries. Each SDK has been validated to work with specific versions of these libraries.

Before using an SDK, verify that the third-party libraries associated with the SDK don't conflict with any other library that your web application may be using. Also, you should have the following:

  • A basic knowledge of the Java, Node.js, or Python programming languages to understand the logic of the code associated with each SDK

  • The SDK that's associated with the language of your application

  • Access to an instance of Oracle Identity Cloud Service

  • An identity domain administrator or application administrator account in Oracle Identity Cloud Service so that you can register your web application as a trusted application

Decide Which SDK to Use

If you're developing a Java, Node.js, or Python web application, and you want to use Oracle Identity Cloud Service as your application's authentication mechanism, then use the SDK that's associated with the language of your application.

If you have an identity domain administrator or security administrator account in Oracle Identity Cloud Service, then you can download SDKs from the Downloads page of the Identity Cloud Service console. To do so:

  1. In the Identity Cloud Service console, expand the Navigation Drawer, click Settings, and then click Downloads.

  2. In the Downloads page, click Download to the right of the SDK that you want to download.

You can download SDKs, as zip files, for the following languages:

  • Java: This zipped file contains a JAR library file. You must add this file into your application's lib folder or install it into the application server where you deploy your application.

  • Node.js: This zipped file contains a passport strategy folder that you must include as part of the node_modules folder of your application.

  • Python: This zipped file contains two python files: IdcsClient.py and Constants.py. You must add these files to your application's project.

To understand how to use each SDK, Oracle provides a sample web application for each of these languages. The sample application implements two use cases: one for authenticating a user with Oracle Identity Cloud Service, and the other for accessing detailed information from the logged-in user.