Creating a 3-legged OAuth Application in IDCS

March 16, 2019 | 3 minute read
Christopher Johnson
Director, Cloud Engineering
Text Size 100%:

Where is the simple "shake 'n' bake" / step by step guide to creating a 3-legged, Authorization Code flow OAuth client in IDCS?

Right here.

1: From the Dashboard in IDCS click the + under Applications to create a new Application

2: Select Confidential Application because we're creating a 3-legged app

3: Fill in the first screen

Only name is required, and if you aren't sure what the other fields mean that's all you should enter.

4: Configure the App

IDCS supports basically all of the OAuth 2 grant types so we need to tell it what kind of app we're using

On this screen you need to:

a. select "

b. select Authorization Code (since that's the kind of app we want)

c. Provide the Redirect URL. After the user logs in and IDCS creates an Authorization Code it will send the user's browser to this URL with that code as a query string parameter. If you don't know what should go here check your application's documentation.

5: Next your way through the "Resources", "Web Tier Policy", and "Authorization" screens

We don't need any of that for this application so just hit Next until you get to the last screen and can click the Finish button

6: Click finish and you will be shown the Client ID and Secret

NOTE: Don't go away, there's still one more step!

You are going to need these to configure your app so copy/paste these values somewhere safe.

7: Click Activate

By default IDCS creates new apps in a disabled / unactivated state. Until you click the Activate button your client app will not be able to talk to IDCS.

Click the Activate button in the upper right hand corner, and then click the green Activate button

8: Note the green status bar telling you that you're all set

Congratulations! You've created your first OAuth client in IDCS.

Your app can now force users to log in via IDCS and you can figure out who the user is. Apps that use IDCS as their OAuth server can do quite a bit more, but that's a subject for another post.

Christopher Johnson

Director, Cloud Engineering

Former child, Admiral of the bathtub navy, noted author and mixed medium artist (best book report, Ms Russel's 4th grade class, and macaroni & finger paint respectively), Time Person of the Year (2006), Olympic hopeful (and I keep hoping), Grammy Award winner (grandma always said I was the best), and dog owner.

Previous Post

IP Address Whitelisting in Oracle Identity Cloud Service

Andre Correa Neto | 5 min read

Next Post

3 Steps to kick-start OCI monitoring in CASB

Uday Sambhara | 4 min read