Integrate Custom Client Applications with OAuth 2.0 and OpenID Connect


Oracle Identity Cloud Service provides Identity Management services that can be leveraged by any application in the cloud, using open standard integrations. In this video, you will learn to integrate your client and resource server applications with Identity Cloud Service’s federated single sign-on and authorization.

In this integration, we use OAuth 2.0 and OpenID Connect open standards. OAuth 2.0 provides authorization services in the cloud with consent. OpenID Connect extends the OAuth standard with federated single sign-on capabilities. By performing this integration, your applications will provide secure access to users, even without having user data stored in their databases. All the user data, authentication, and authorization will be provided by Oracle Identity Cloud Service during real time.

To demonstrate the integration, we will use the demo applications Customer Quotes and Sales Insight. Customer Quotes is a web application accessed by the sales team to gather information about their sales performance. Sales Insight is a REST server that provides information about sales to other applications, like Customer Quotes. Since the sales information is confidential, both Customer Quotes and Sales Insight require user authentication and authorization to display information.

First let’s integrate Customer Quotes with Oracle Identity Cloud Service’s federated single sign-on. With this integration, users can access applications in the cloud with a single login provided by Oracle Identity Cloud Service. To perform the integration we first register Customer Quotes as an application. A client id and client secret will be issued. These are the equivalent of a credential that the client application will use to authenticate itself against Oracle Identity Cloud Service. Finally, we need to activate the application.

Now that the application is active, we need to update Customer Quotes with the client id, secret, and URL from Oracle Identity Cloud Service. The integration is now complete. Let’s launch the application and log in. After logging in, notice that the user information is data provided by Oracle Identity Cloud Service. Due to single sign-on, users also have direct access to their profile information.

Now that the Customer Quotes integration is complete, let’s work on the Sales Insight application, a REST Service that provides information about sales to other applications, like Customer Quotes. Customer Quotes needs to gather data on behalf of the logged in user from Sales Insight, while Sales Insight needs to evaluate if the request from Customer Quotes is legitimate. With Oracle Identity Cloud Service application and scopes, you can protect both applications.

We need to register Sales Insight as an application in Oracle Identity Cloud Service. This is performed in a similar way as the Customer Quotes application, except this time we need to add the allowed scopes for the resources. Create one scope for each REST API call supported by the Sales Insight service. As before, you will be issued a client id and client secret. Activate the application to complete the process. Now let’s visit the Customer Quotes application and add the scopes from Sales Insight.

Now that the Identity Cloud Service configuration is complete, we need to update Sales Insight with the client id, secret, and URL from Oracle Identity Cloud Service. The integration is now complete, so let’s access the Customer Quotes application. After login, click on Urgent Quotes. With this option, Customer Quotes needs to make a REST call to Sales Insight.

Oracle Identity Cloud Service receives an access token request from Customer Quotes to access a Sales Insight REST API, on behalf of the resource owner. Oracle Identity Cloud Service presents a consent request to the user. This time, a user can allow Customer Quotes to check their urgent quotes. After allowing consent, Oracle Identity Cloud Service returns an access token that Customer Quotes passes along with the REST call to Sales Insight. Sales Insight validates if the access token is legitimate using a digital signature provided by Oracle Identity Cloud Service. If it is, it returns the quotes to the Customer Quotes application that displays the results to the user.

With Oracle Identity Cloud Service, you can bring your applications to the cloud using OAuth 2.0 and OpenID Connect standards. Your applications don’t need user data, since this data is provided by Oracle Identity Cloud Service during runtime. To learn more about these integrations, you can download the Sales Insight and Customer Quotes applications from GitHub and try our tutorials. You can also use the applications as a template to create or update your own. Thank you for watching.
