/
OAuth Configuration for Oracle Cloud

OAuth Configuration for Oracle Cloud

Owned by Karl Henselin
Last updated: Mar 12, 2025
5 min read

FlexDeploy supports the use of OAuth authentication for Oracle Integration Cloud. You can follow one of the 2 options for configuring OAuth.

  • Resource Owner

or

  • JWT User Assertion

 

Oracle Integration 3 instances only support OAuth authentication. Basic Auth cannot be used in FlexDeploy for v3 instances.

Resource Owner

Steps are:

  • Create a Confidential Application in Identity Console.

  • Create FlexDeploy Cloud Account under Integrations - Cloud.

Create a Confidential Application in Oracle Identity Console

  • Login to https://cloud.oracle.com and search for your Identity domain.

  • Click on Integrated applications, then click Add application to add new confidential application.

image-20240910-163025.png

  • Select Confidential Application and click Launch workflow.

image-20240214-083234.png

  • Give a meaningful name such as ‘FlexDeploy OAuth App’ and Click Next.

image-20240910-163233.png

  • On the Configure OAuth tab, select the following,

    • Resource Server Configuration, should be defaulted to Skip for later.

    • For Client Configuration, select Configure this application as a client now. Be sure to select the grant type of Resource Owner, Client Credentials

    • For Client Type, select Confidential. (Import certificate is not needed)

    • Token Issuance policy should be Specific. And Add scopes for your OIC Instances which you want to integrate using this application. Copy the scope that ends in /ic/api to notepad - see #7 in the second image below. Scope search works as Starts with (Case insensitive) for name or description and requires you to enter at least 3 characters.

image-20240910-163726.png
image-20240910-164029.png

  • You can accept the default values throughout the rest of the configuration and click Finish.

  • Click Activate.

image-20240910-164316.png

  • Copy the client id and secret that show up after completing the application (you can access this from the configuration tab as well)

image-20240910-164411.png

Create the Cloud Account in FlexDeploy

Note that you will need scope URL that was copied in previous step.

image-20240108-102445.png

JWT User Assertion

JWT User Assertion requires an ssl certificate to be uploaded to Oracle Cloud Infrastructure and referenced in FlexDeploy. The key can be self-signed or from a more trusted chain.

  • Create Oracle Identity Application with the JWT Assertion grant type

  • Add cer file to Partner Settings

  • Create FlexDeploy Cloud Account

For JWT User Assertion, we need a certificate to be generated from the endpoint where FlexDeploy server is going to execute the plugin operations for OIC/VBCS.

Generate certificate

If you already have a public/private key and their keystore location feel free to skip this step.

Continuing with this step, we assume you don’t have third party certificates and going to generate a self signed cert.

Keystore

Create the Keystore.

keytool -genkey -keyalg RSA -alias <your_alias ex FlexDeploySandbox> -keystore <keystore_file ex FDSandboxkeystore.jks> -storepass <new_keystore_pass> -validity 365 -keysize 2048

 if you don’t need to use password in the command, you can remove -storepass <new_keystore_pass>, it will prompt to enter the keystore password.

Export to generate a cert file. Make sure that the aliases are unique.

keytool -exportcert -alias <your_alias ex FlexDeploySandbox> -file <filename ex flexdeployad.cer> -keystore <keystore_file ex FDSandboxkeystore.jks> -storepass <keystore_pass> -rfc

Create Oracle Identity Application with the JWT Assertion grant type

image-20240214-061654.png
image-20240214-083234.png

  • Give it a meaningful name such as ‘FlexDeploy OAuth App’.

  • Click Next.

  • On the client configuration select Configure this application as a client now. Be sure to select the grant type of JWT Assertion, Client Credentials and add scopes for your OIC Instances where you want to use this application.

  • For Client Type, select Confidential. (Import certificate is not needed)

  • Copy the scope that ends in /ic/api to notepad

image-20240521-173514.png
image-20240521-173604.png

  • You can accept the default values throughout the rest of the configuration.

  • Copy the client id and secret that show up after completing the application (you can access this from the configuration tab as well)

  • Click Finish and activate your application

Add cer file to Partner Settings

We have configured the signing certificate in the Confidential Application, IDCS requires to configure the signing certificate as a Trusted Partner Certificate as well. Go to Settings → Partner Settings and Import the cer file. Make sure to use the same alias name used to generate the file(ex FlexDeployDev).

image-20240214-085008.png

Create FlexDeploy Cloud Account

Lastly you need to create a cloud account in FlexDeploy specifying your client application information as well as the certificate information.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Related content

The following macros are not currently supported in the footer:
  • style