Go to OneCloud
All Collections
Integration Studio Premium BizApps
Oracle Content and Experience
Oracle Identity Cloud OAuth Setup

Oracle Identity Cloud OAuth Setup

This article will highlight steps for configuration 2-Legged Authentication within the Oracle Cloud technologies.
OneCloud Documentation avatar
Written by OneCloud Documentation
Updated over a week ago

⚠️ OneCloud provides the following setup and configuration to help expedite use of the OneCloud Oracle Content and Experience Cloud BizApp by configuring a default authentication deployment. Actual screens may vary depending on your Oracle deployments and security access. If you uncover any differences in this configuration guide, please contact us at support@onecloud.io.

Find the IDCS URL

  • When logged into Oracle Cloud, click Hamburger menu and navigate to:
    Governance and Administration ➡️ Identity ➡️ Federation

  • Click OracleIdentityCloudService

  • You will see a section, Oracle Identity Cloud Service Console:

  • This is the base URL that is required for the OneCloud BizApp Connection

Create an OAuth Client & Acquire a Client ID and Secret

  • Go to the IDCS administration console using the URL from the previous step.

  • Click to add a new application in the Applications section.

  • Select Confidential Application.

  • Give the application a name and, optionally, a description, and press Enter.

  • Choose to configure this application as a client.

  • Select the client credentials grant type on the Authorization screen.

  • Scroll down to the Token Issuance Policy section

    • Under Resources, click add scope to give the application access to the required Oracle Content and Experience instance.

  • Click the right arrow to select the scope.

    • The only scope required is the one ending in: urn:opc:cec:all

  • Click Next until the end of the train. The Resources, Web Tier Policy, and Authorization stops are related to applications that have some resource authenticated or authorized by IDCS; for example, a web application. This isn’t relevant in the case of a simple server-server client, which is discussed here.

  • Click Finish.

  • Keep track of the Client ID and Client Secret values because they are needed to get a token later.

  • Check Activate and then click Save to enable the application.

Add OAuth Client Application to Content Cloud Instance

  • Go to IDCS Admin Console (full URL from "Find your IDCS URL" step)

  • Click Hamburger menu, Select Oracle Cloud Services

  • Click your Content Cloud instance

  • Click Application Roles

  • Click CECRepositoryAdministrator ➡️ Assign Applications.

Description of access-rest-apis.png follows

  • Select the application that was created in the previous step.

  • Repeat the steps for the roles CECEnterpriseUser and CECContentAdministrator.

  • Save the changes.

Find your Primary Audience URL

  • From IDCS Console, select the hamburger menu

  • Select Applications

  • Click your OAuth Application

  • Click Configuration, and expand Client Configuration section then scroll down to Token Issuance Policy ➡️ Resources

  • The displayed scopes base-url (https://<base-url>:443/urn:opc:cec:all) is the Primary Audience Domain required by the OneCloud BizApp connection

Find the Oracle Content Cloud Domain

  • From Oracle Cloud console select Application Integration ➡️ Content and Experience

  • Click your instance to Open Instance

  • The base-url (https://<base-url>/documents) from the URL displayed in your browser is the Content Cloud Instance required by the OneCloud BizApp connection.

Add the Oauth User to Folders

  • Select an existing folder or create a new folder.

  • Click Members

  • Add the OAuth application name as a member with the required permissions

Did this answer your question?