FlexDeploy supports the use of OAuth authentication for various Oracle Cloud related application and services. You can follow one of the 2 options for configuring OAuth: Resource Owner and JWT Assertion. This details are currently applicable for following plugins.

• Oracle Analytics Cloud Plugin

For both options, you will need to create Confidential Application in Oracle Identity domain. See detailed steps below. For additional context see https://docs.oracle.com/en-us/iaas/Content/Identity/applications/add-confidential-application.htm.

Resource Owner

• Login to https://cloud.oracle.com and search for your Identity domain.

• Click on Integrated applications, then click Add application to add new confidential application. Select Confidential Application and click Launch Workflow.

• Give a meaningful name such as ‘FlexDeploy OAC Dev OAuth’ and Click Next.

• On the Configure OAuth tab, select the following,

  • Resource Server Configuration, should be defaulted to Skip for later.

  • For Client Configuration, select Configure this application as a client now.

    • Be sure to select the grant type of Resource Owner, Client Credentials. Also, select Refresh Token to allow use of refresh token if access token has expired to get new access token.

    • For Client Type, select Confidential, which is default selection. (Import certificate is not needed)

    • Token Issuance policy should be Specific.

    • Check Add scopes for your resources which you want to integrate using this application. Select specific scope, copy the scope to notepad for use later. See #10 in the second image below. Scope search works as Starts with (Case insensitive) for name or description and requires you to enter at least 3 characters.

    • Click Add on Add scope popup.

    • Then click Next.

• You can accept the default values throughout the rest of the configuration and click Finish.

• Click Activate.

• You can copy Client Id and Client Secret shown below for use with FlexDeploy integration instance configuration.

• Now you can configure FlexDeploy Integration Instance as shown below and use it for build/deploy processes.

JWT Assertion

To use JWT Assertion, you need both a private key and a certificate. The certificate must be uploaded to Oracle Cloud Infrastructure and referenced in FlexDeploy. The private key can either be self-signed or issued by a trusted certificate authority.

See Credential Type - Private Key and Credential Type - Certificate for details on how to generate Private Key and Certificate for this setup. You will also need to upload .cer file (Certificate) to Oracle Cloud Identity service settings.

• Login to https://cloud.oracle.com and search for your Identity domain.

• Click on Integrated applications, then click Add application to add new confidential application. Select Confidential Application and click Launch Workflow.

• Give a meaningful name such as ‘FlexDeploy OAC Dev OAuth’ and Click Next.

• On the Configure OAuth tab, select the following,

  • Resource Server Configuration, should be defaulted to Skip for later.

  • For Client Configuration, select Configure this application as a client now.

    • Be sure to select the grant type of JWT assertion, Client Credentials. Also, select Refresh Token to allow use of refresh token if access token has expired to get new access token.

    • For Client Type, select Confidential, which is default selection. (Import certificate is not needed)

    • Token Issuance policy should be Specific.

    • Check Add scopes for your resources which you want to integrate using this application. Select specific scope, copy the scope to notepad for use later. See #10 in the second image below. Scope search works as Starts with (Case insensitive) for name or description and requires you to enter at least 3 characters.

    • Click Add on Add scope popup.

    • Then click Next.

• You can accept the default values throughout the rest of the configuration and click Finish.

• Click Activate.

• You can copy Client Id and Client Secret shown below for use with FlexDeploy integration instance configuration.

• Now we need to upload certificate to Partner Settings.

  • Go to your Identity Domain.

  • Client Settings, then click Trusted partner certificates.

  • Click Import certificate and upload .cer file. Click Import.

• Now you can configure FlexDeploy Integration Instance as shown below and use it for build/deploy processes.

  • Generated Private Key and Certificate should be uploaded to FlexDeploy Credential store for use with Integration Instance. This can be done directly from Private Key and Certificate drop down on Integration Instance page.