Different ways to consume OIC Endpoints using OAuth authentication

Akshay Nayak
Oct 5, 2024

In the previous blog we looked at different options for consuming Fusion SaaS APIs using OAuth authentication. Below is the link to it for your reference.

In this blog we will see the different ways an OIC endpoint can be consumed using OAuth configurations.

Note: In both options, the domain URL is the URL of the domain tied to the OIC instance whose endpoints you want to call.

A) Get domain details.

Log in to OCI -> Identity and Security -> Domains -> Appropriate Domain

In my example I had a separate domain for OIC instances.

Copy the domain URL, as it will be needed later to build the authorize and token URLs.

Option 1 — Create a confidential application of type Authorization Code.

B.1) Create confidential application.

This confidential application will be created as a resource as well as a client.

Go to domain -> Integrated Application -> Add Application

Select

  • Confidential Application — Launch workflow
  • Provide app name -> Hit Next
  • Select Configure this application as a resource server now
  • Access token expiration (seconds) as 3600
  • Check Allow token refresh
  • Keep the Refresh token expiration (seconds) as 604800
  • Enter the Runtime URL for the OIC Instance as below in Primary audience

https://runtime_OIC_URL:443

How to get this URL:

In OCI -> Go to your integration instances properties and check the Runtime URL

Runtime URL for OIC Instance
Option 1: Screenshot for Resource Application settings
  • Select Configure this application as a client now
  • Select Grant Type as Authorization Code and Refresh Token
  • Enter redirect URL as

https://runtime_OIC_URL/icsapis/agent/oauth/callback

  • Select other parameters as seen below in screenshots.
Option 1:Client Confidential application settings — 1
Option 1:Client Confidential application settings — 2
Option 1:Client Confidential application settings — 3

Click on Add Resource -> Add Scope -> Select the OIC Instances for which you want to expose rest API as shown below

Client Confidential application settings — 4

Note: Save the scope ending with ::all, as it will be required later while configuring the connection in OIC.

Activate the client application. Save the client ID and client secret; they will be required for configuring the connection in OIC.

B.2) Assigning roles to the application.

Go to the same domain tied to the OIC instance -> Oracle Cloud Services -> Click on the OIC instance.

Option 1:Domain -> Oracle Cloud Services

Click on Application Roles and add this confidential application to the Service Invoker and Service Developer roles.

C) Setups in OIC.

Create a REST connection in OIC with the details below. Provide consent, then test and save.

Connection URL: https://XXXX.integration.ca-toronto-1.ocp.oraclecloud.com
This is the runtime URL for OIC Instance.

Security Policy: OAuth Authorization Code Credentials

Client Id and Client Secret that we received from Step B.1)

Authorization Code URI: https://idcs-XXXX.identity.oraclecloud.com:443/oauth2/v1/authorize
Access Token URI: https://idcs-XXXX.identity.oraclecloud.com:443/oauth2/v1/token
Part of this token URL is obtained from Step A above.

Scope:
https://YYYY.integration.ca-toronto-1.ocp.oraclecloud.com:443urn:opc:resource:consumer::all offline_access
This is the same scope which was selected while configuring the confidential application above.


For the SOAP Adapter: in Optional Security, select Client Authentication as client_credentials_in_body.

Option 2 — Create a confidential application of type Client Credentials.

D.1) Create confidential application.

This confidential application will be created as a client application.

Go to domain -> Integrated Application -> Add Application

Select

  • Confidential Application — Launch workflow
  • Provide app name -> Hit Next
  • Select Configure this application as a client now
  • Select Grant Type as Client Credentials and Refresh Token
  • Select other parameters as seen below in screenshots.
Option 2:Client Confidential application settings — 1
Option 2:Client Confidential application settings — 2
Option 2:Client Confidential application settings — 3
Option 2:Client Confidential application settings — 4

Click on Add Resource -> Add Scope -> Select the OIC Instances for which you want to expose rest API as shown below

Client Confidential application settings — 4

Note: Save the scope ending with ::all, as it will be required later while configuring the connection in OIC.

Activate the client application. Save the client ID and client secret; they will be required for configuring the connection in OIC.

D.2) Assigning roles to the application.

Go to the same domain tied to the OIC instance -> Oracle Cloud Services -> Click on the OIC instance.

Option 1:Domain -> Oracle Cloud Services

Click on Application Roles and add this confidential application to the Service Invoker and Service Developer roles.

E) Setups in OIC.

Create a REST connection in OIC with the details below. Save and test the connection.

Connection URL: https://XXXX.integration.ca-toronto-1.ocp.oraclecloud.com
This is the runtime URL for the OIC Instance

Security Policy: OAuth Client Credentials

Access Token URL: https://idcs-XXXX.identity.oraclecloud.com:443/oauth2/v1/token
Part of this token URL is obtained from Step A above.

Client Id and Client Secret that we received from Step D.1)

Scope:
https://YYYY.integration.ca-toronto-1.ocp.oraclecloud.com:443urn:opc:resource:consumer::all
This is the same scope which was selected while configuring the confidential application above.

For the SOAP Adapter: in Optional Security, select Client Authentication as client_credentials_in_body.
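The two security policies above correspond to standard OAuth 2.0 requests against the domain's authorize and token URIs. The sketch below is an added example, not code from the original post or from Oracle: it builds those requests for both options, checks that every scope is bound to the OIC primary audience, and refuses the code exchange when the `state` value did not round-trip. Function names are hypothetical, the masked hosts are the post's own placeholders, and HTTP Basic client authentication is an assumption based on the OAuth 2.0 specification.

```python
import base64
import secrets
from urllib.parse import urlencode
from urllib.request import Request

# Placeholders mirroring the masked values in the post; replace with your own.
DOMAIN_URL = "https://idcs-XXXX.identity.oraclecloud.com:443"
AUDIENCE = "https://YYYY.integration.ca-toronto-1.ocp.oraclecloud.com:443"
SCOPE = AUDIENCE + "urn:opc:resource:consumer::all"
REDIRECT_URI = "https://runtime_OIC_URL/icsapis/agent/oauth/callback"

def check_scope(scope, audience=AUDIENCE):
    """Reject scopes that are not bound to the expected OIC primary audience."""
    for item in scope.split():
        if item != "offline_access" and not item.startswith(audience + "urn:"):
            raise ValueError(f"scope not tied to audience: {item}")
    return scope

def authorize_url(client_id, scope, state):
    """Option 1: URL the browser is sent to so the user can give consent."""
    query = urlencode({"response_type": "code", "client_id": client_id,
                       "redirect_uri": REDIRECT_URI,
                       "scope": check_scope(scope), "state": state})
    return f"{DOMAIN_URL}/oauth2/v1/authorize?{query}"

def token_request(client_id, client_secret, form):
    """POST to the token URI; the client authenticates with HTTP Basic."""
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    return Request(f"{DOMAIN_URL}/oauth2/v1/token",
                   data=urlencode(form).encode(), method="POST",
                   headers={"Authorization": f"Basic {basic}",
                            "Content-Type": "application/x-www-form-urlencoded"})

def client_credentials_request(client_id, client_secret, scope=SCOPE):
    """Option 2: no user involved, the application itself obtains the token."""
    return token_request(client_id, client_secret,
                         {"grant_type": "client_credentials",
                          "scope": check_scope(scope)})

def code_exchange_request(client_id, client_secret, code, sent_state, got_state):
    """Option 1: swap the code for tokens only if state round-tripped intact."""
    if not secrets.compare_digest(sent_state, got_state):
        raise ValueError("state mismatch on callback")
    return token_request(client_id, client_secret,
                         {"grant_type": "authorization_code", "code": code,
                          "redirect_uri": REDIRECT_URI})
```

Pass the returned `Request` to `urllib.request.urlopen` to send it, and keep the client secret out of logs and source control.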

Hope you enjoyed reading this.
