My Oracle Support Banner

Oracle REST Data Services Demo - Authentication OAUTH2 Client Credentials / Two Party (Doc ID 2305958.1)

Last updated on SEPTEMBER 20, 2017

Applies to:

Oracle REST Data Services - Version 3.0 and later
Information in this document applies to any platform.

Purpose

 This is the third in a series of documents that provide a tutorial on creating ORDS based REST services for ORDS standalone.

  

While much of this information applies to other supported web servers, there are differences in the requirements and set up for these web servers. Where possible these differences will be noted. As a best practice, it is recommended that REST services be configured and tested in standalone ORDS prior to deploying in other supported web servers: Weblogic, Glassfish and Tomcat.


For the purpose of this series the following assumptions are made:

* All testing / set up will be done with standalone ORDS in HTTP.
* Standalone has been modified to accept http requests for REST:

<entry key="security.verifySSL">false</entry>

* A schema named testords exists and contains the EMP table.
* The REST service described <Note 2297021.1> - Oracle REST Data Services Demo - Create a REST Service: has been created and is running successfully.
* First party authentication has been set up and works correctly according to: Note 2305632.1 - Oracle REST Data Services Demo - Authentication (First Party).
* Curl has been installed, configured and runs successfully. For details on the download and set up, see:
   http://www.oracle.com/webfolder/technetwork/tutorials/obe/cloud/objectstorage/restrict_rw_accs_cntainers_REST_API/files/installing_curl_command_line_tool_on_windows.html

Scope

OAuth 2 revolves around registering clients, which represent a person or an application wanting to access the resource, then associating those clients to roles. Once the client is authenticated, it has access to the protected resources associated with the roles. This demo is based on the client credentials flow. Client credentials flow is a two-legged process that is used to return an access token, which is then used to authenticate calls to protected resources. This is a "proof of concept" example, but in reality the authentication steps would be automated by the application.

 

Details

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Purpose
Scope
Details
 Client Creation
 Calling the REST Service Using the Access Token
References

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.