Learn About Authenticating an Application with Oracle Identity Cloud Service by Using the Node.js SDK
When you want to develop a Node.js web application that use the Oracle Identity Cloud Service authentication mechanism, use the Node.js SDK. This SDK facilitates your work because it encapsulates all REST API endpoint calls that you need to authenticate users with Oracle Identity Cloud Service.
Oracle Identity Cloud Service provides identity management, single sign-on (SSO), and identity governance for your applications. It also provides the security platform for Oracle Cloud, which lets you securely and easily access, develop, and deploy your applications. Oracle Identity Cloud Service can function as an identity provider, centralizing the authentication mechanism, handling all password management responsibilities, and providing SSO for your applications.
Oracle provides a sample application that you can integrate with Oracle Identity Cloud Service for authentication. This application was developed using the express and passport framework.
The sample Node.js web application consists of two types of content:
-
Pages that are publicly accessible
-
Private pages that verify the existence of an Oracle Identity Cloud Service user access token in the session that the user has with the application
Architecture
The following architecture diagram illustrates how the Node.js web application uses the SDK library to perform a three-legged OpenID Connect authentication flow with Oracle Identity Cloud Service.
This authentication flow is an OAuth 2.0 authorization flow based on the authorization code grant type. By using this grant type, a user must sign in to Oracle Identity Cloud Service. After the user is signed in, the user can access other applications that are protected by Oracle Identity Cloud Service without the need to reauthenticate.
The data flow happens this way:
-
The user requests a protected URL.
-
Oracle Identity Cloud Service displays the Sign In page.
-
The user submits their sign-in credentials.
-
Oracle Identity Cloud Service issues an authorization code to the Node.js application through the web browser.
-
The Node.js application uses the SDK to exchange the authorization code for a user access token.
-
The Node.js application displays content for the user. For subsequent logins, the user access token calls Oracle Identity Cloud Service REST APIs to get more detailed information about the user.
The sample Node.js web application isn't meant to be used in a production environment, and isn't concerned about the languageās best practices, such as data handling, patterns, or security. Its only purpose is to address the recommended approach to integrate Oracle Identity Cloud Service and a Node.js web application using the SDK.
About Required Services and Roles
This solution requires Oracle Identity Cloud Service.
These are the roles needed for Oracle Identity Cloud Service.
| Role | Required to... |
|---|---|
| Security administrator | Access the Downloads page of the Identity Cloud Service console. From this page, you can download the Java SDK. |
| Application administrator | Manage applications in Oracle Identity Cloud Service. This includes registering the sample Java application with Oracle Identity Cloud Service. |
See Learn how to get Oracle Cloud services for Oracle Solutions to get the Oracle Identity Cloud Service.