Understanding OAuth 2 Authentication in Oracle EPM Cloud


Oracle’s Enterprise Performance Management (EPM) Cloud now supports OAuth 2 authentication for REST APIs in Oracle Cloud Infrastructure (OCI) / Gen 2 environments. This enhancement is a significant step forward in securing and simplifying API interactions by eliminating the need for password-based authentication. Here’s a detailed look at how to set up and use OAuth 2 authentication in Oracle EPM Cloud.

Setting Up OAuth 2 Authentication

The process involves several key steps:

  1. Register an OAuth Client: This is a one-time setup requiring interaction with the IDCS Administrator. The client application is registered in IDCS to obtain an access token, which is crucial for authorizing REST API calls.
  2. Obtain the First Refresh Token: This step also requires user interaction. A refresh token is essential for obtaining an access token and must be securely stored.
  3. Obtain an Access Token from the Refresh Token: This step can be automated and does not require user interaction. The access token is used as authorization to invoke REST APIs.

Detailed Steps for Implementation

  1. Registering an OAuth Client: The IDCS Administrator registers a client application in IDCS, authorizing it to access Oracle Cloud resources. This involves updating the service provider configuration and selecting appropriate grant types.
  2. Obtaining the First Refresh Token: The user issues an unauthenticated request to the Identity Cloud Service URL to get a valid refresh token. This involves using a curl command with specific parameters and headers.
  3. Obtaining an Access Token: Using the latest refresh token and client ID, the REST client issues a request to get a new access token. This token is then used as authorization while invoking REST APIs.

Security Considerations

It’s crucial to securely encrypt and store the client ID and any tokens. The REST client must ensure the secure storage of the refresh token and client ID. For EPM Automate, an epw file is used for this purpose.

Using the Access Token

To invoke an EPM Cloud REST API, the REST client must provide the access token in the authorization header. For example, to get the Automated Maintenance Window start time, a GET request is submitted to the EPM Cloud endpoint using the access token.

FAQs and Troubleshooting

The blog post also addresses common questions and issues related to OAuth 2 setup in Oracle EPM Cloud, such as the validity of configurations set up before EPM Cloud Release 23.07, modifying the expiry time of a refresh token, and handling various errors.

In summary, the integration of OAuth 2 authentication in Oracle EPM Cloud for OCI environments enhances security and streamlines the process of interacting with REST APIs. By following the outlined steps, users can effectively set up and manage OAuth 2 authentication in their Oracle EPM Cloud environments.

Kelly Adams
Kelly Adams
Kelly is an expert in Oracle Enterprise Performance Management (EPM), skilled in implementing and optimizing this tool for enhanced business performance. Her expertise encompasses system customization, user training, and staying abreast of the latest EPM technologies. Kelly's proficiency in Oracle EPM is a valuable asset to organizations aiming to leverage technology for improved decision-making and process efficiency.


Please enter your comment!
Please enter your name here

Share post:




More like this

Essential Tips for Oracle EPM Cloud Implementation Success

Embarking on an Oracle EPM Cloud implementation can revolutionize...

Oracle EPM 11.1 2.4 Install Guide & Troubleshooting Tips

Embarking on an Oracle EPM 11.1 2.4 installation journey...

Maximize Oracle EPM: Essential Tax Reporting Best Practices

Navigating the complexities of tax reporting can be a...

Easy Oracle EPM Installation Guide & Troubleshooting

Embarking on the Oracle EPM installation journey? You're...