A JSON Web Token (JWT, sometimes pronounced "jot") is a parameter that is generated by one application and is passed to other integrated applications via a URL. In Fusion Applications it is used to hold the username for the current session. The external application can then use this value to display appropriate data or to take context-sensitive actions such as callbacks, avoiding the need for repeated authentication or the exposure of dummy credentials. To be clear, the purpose is to share information between integrated systems, and JWT is not a user authentication process.
JWT token text contains a set of claims. These are a combination of standard and user-defined unique name:value pair fields. The target system parses the token as a JSON document and takes the appropriate actions. In Fusion Applications JWT tokens we include three mandatory fields along with a single optional field (prn) where we put the username. The fields included are:
In this example, a Fusion Sales Cloud dashboard page has the 'Click Here' hyperlink added using Page Composer. This link has been configured using a JWT token so the target system will know the current user and display the appropriate data. The status bar region at the bottom shows the encoded token string after the id_token URL parameter.
The configuration here allows you to select your existing 3rd Party Application as the base for the hyperlink (defined in Setup and Maintenance), here with the name "IDSystem". You then provide the remainder of the endpoint URL ("/oauth2/v1/tokeninfo"), and finally the token name (id_token).
The result, given here, is put into Expression Language as it includes calls to build the final link at runtime (on one line).
If you take the token text created at run-time and decode it (site), you'll see the claims output as described above. The generated JWT token is base64 encoded and also signed (MACed) using a standard algorithm and a common shared secret.
Firstly, let's consider the use-cases related to the user interface, where we'd want to maintain the user's own context as they navigate between different systems. To support this you can include JWT token generation as part of creating the following page customizations:
As mentioned above, a token could be used as part of enabling an integrated system to make callbacks with appropriate data. For example, an external system might want to use web services to get a list of records associated with your Fusion Applications user; getting the username from the JWT token allows the external system to build the request payload data.
Obviously the JWT tokens last for the lifetime of the user session (4 hour default) and do not replace existing WS security policies, as per the guide documentation.
The following diagram is taken from the documents accompanying the OTN Sample Code for Sales Cloud Integration, as found in the project zip entitled "Rich UI with Data Visualization Components and JWT UserToken validation extending Oracle Sales Cloud – 1.0.1". It illustrates how the Sales Cloud user interface passes the JWT token in the URL as an HTTP Request, and the sample ADF application performs validation and then reuses the token to perform a secured web service call back to Sales Cloud.
For User Interface implementations the following video illustrates the points where you can configure a JWT token.
In addition, this could be done using an Expression Language statement directly as given above, or if you are an Oracle Sales Cloud customer then you could use Groovy inside Application Composer, passing the result in the final URL string.
def JWTtoken = (new oracle.apps.fnd.applcore.common.