How Does the Fixed Credentials Authentication Method Work?

An authentication method that uses fixed credentials passes a fixed identity to the service, ignoring the signed-in end user's identity or credentials. All requests to the service use the same app ID for authentication.

For example, if the logged-in user is abc.xyz, but the backend is using Basic Auth with the user credentials def.xyz, the REST APIs connected by the backend will see only def.xyz in their Authorization headers.

Here are the authentication methods that use fixed credentials:


None

Select this for services that don't need authentication and don't accept Authorization headers.

Basic

Select this for services that require a fixed username and password for authentication. The signed-in user's credentials aren't used for authentication. This option uses the Visual Builder authentication proxy, irrespective of the connection type you choose.

Note:

Basic authentication is not supported in US government realms.

Because of the limitations of basic authentication, it's recommended that you use this method during development only. Here's why: suppose you set up basic authentication with a particular username and password, and later need to revoke basic authentication for one specific application. Your only option is to revoke that user, which affects every application that authenticates with that user's credentials.

OAuth-based methods use scopes (with the client identifier and client secret) to offer you better control for managing credentials.

OAuth 2.0 Client Credentials

This method is recommended if you want to use a fixed credentials method and the service supports OAuth 2.0 Client Credentials. This method is part of the OAuth 2.0 grant types and is used for application-to-application authentication scenarios where you don't need a specific user's credentials to connect to the service.

Consult the service’s OAuth 2.0 documentation for the values for the Client ID, Client Secret and token URL fields. If no values are supplied, they are interpreted as the visual application's client ID and secret, and the token URL is interpreted as IDCS's token URL.

OAuth 2.0 Resource Owner Password Credentials

This method is part of the OAuth 2.0 grant types and is used when you need a specific user’s credentials to connect to the service.

Consult the service’s OAuth 2.0 documentation for the values for the Client ID, Client Secret and token URL fields. If no values are supplied, they are interpreted as the visual application’s client ID and secret, and the token URL is interpreted as IDCS’s token URL.

OCI Signature Authentication

This method signs each outgoing request with the private key of a single Oracle Cloud Infrastructure (OCI) user, giving you an application-identity flow for connecting to OCI endpoints. All requests go through the proxy, because the outgoing message has to be signed before it is sent.

To use this authentication in Visual Builder, you'll need these user details from the OCI console:
  • Fingerprint of the public key associated with your OCI account, available on the Profile > User Settings page. Click API Keys and copy the fingerprint value.
  • User's OCID, available on the Profile > User Settings page. The OCID is shown under User Information; click Copy to copy it to your clipboard.
  • Tenancy's OCID, available on the Administration > Tenancy Details page. The OCID is shown under Tenancy Information; click Copy to copy it to your clipboard.
  • The contents of your certificate's private key in PEM format.
For more information, see Request Signatures in the OCI documentation.
Once you have the details of the OCI user you want to use to connect to OCI endpoints, set up authentication in Visual Builder as follows:
  1. Select Oracle Cloud Infrastructure API Signature 1.0 as the authentication method.
  2. Click Enter the API Key and Private Key (Enter the API key and private key icon).
  3. Construct the API key in the following format, then copy and paste it as the API Key:

    tenancy-ocid/user-ocid/fingerprint

  4. Paste the PEM file contents as the Private Key. Copy the entire file, from the -----BEGIN RSA PRIVATE KEY----- line (or -----BEGIN PRIVATE KEY-----, depending on how the key was generated) right up to and including the matching -----END ... PRIVATE KEY----- line.
  5. Make sure Always use proxy, irrespective of CORS is selected as the connection type.
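
As an added illustration (not Visual Builder's or OCI's own code), the following Go program shows what the proxy does with the API Key from step 3 and the private key from step 4: it validates the tenancy-ocid/user-ocid/fingerprint form, builds the OCI signing string for a GET request, and places the RSA-SHA256 signature in the Authorization header with the API Key as keyId. It covers only the minimum GET headers; the Request Signatures document describes the extra body headers that PUT and POST require. The function names and the sample values in the comments are assumptions.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"net/http"
	"strings"
	"time"
)

// ParseAPIKey splits the Visual Builder API Key field (tenancy-ocid/user-ocid/fingerprint).
// OCIDs and fingerprints never contain "/", so exactly three non-empty parts are required.
func ParseAPIKey(apiKey string) (tenancy, user, fingerprint string, err error) {
	p := strings.Split(apiKey, "/")
	if len(p) != 3 || p[0] == "" || p[1] == "" || p[2] == "" {
		return "", "", "", fmt.Errorf("API key must be tenancy-ocid/user-ocid/fingerprint")
	}
	return p[0], p[1], p[2], nil
}

// SigningString builds what OCI signs for a GET: the "(request-target)" pseudo-header
// plus the date and host headers, one per line, in the order the "headers" parameter lists.
func SigningString(req *http.Request) (headers, signing string) {
	target := strings.ToLower(req.Method) + " " + req.URL.RequestURI()
	signing = "(request-target): " + target + "\ndate: " + req.Header.Get("date") +
		"\nhost: " + req.URL.Host
	return "(request-target) date host", signing
}

// SignRequest stamps the Date header, signs the signing string with RSA-SHA256 (PKCS#1 v1.5)
// and adds the OCI Authorization header; keyId is the API Key exactly as pasted into Visual Builder.
func SignRequest(req *http.Request, apiKey string, priv *rsa.PrivateKey) error {
	req.Header.Set("date", time.Now().UTC().Format(http.TimeFormat))
	headers, signing := SigningString(req)
	digest := sha256.Sum256([]byte(signing))
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
	if err != nil {
		return err
	}
	req.Header.Set("Authorization", fmt.Sprintf(
		`Signature version="1",keyId="%s",algorithm="rsa-sha256",headers="%s",signature="%s"`,
		apiKey, headers, base64.StdEncoding.EncodeToString(sig)))
	return nil
}
```

Because the Date header is part of the signed string, a replayed request with a stale Date is rejected by OCI, which is why the proxy must stamp it at send time rather than when the connection is configured.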

The Connection Type indicates how the REST API is actually called: directly from the web app's JavaScript, or through the server proxy. Base this decision on the CORS support your REST API has.

Note:

When using the fixed credentials authentication method, keep in mind these limitations:
  • When using the OAuth 2.0 authentication method, which uses token relay, you're limited by what the browser can send and receive.
  • When using a proxy you're limited by the browser as stated above, with the exception of Oracle Cloud Infrastructure API Signature 1.0. For this method, the maximum message body size is two gigabytes (because the proxy needs to cache the entire message to sign it).
  • When using a proxy, the REST call will time out after 234 seconds if no data has been sent.