Oracle’s Enterprise Performance Management (EPM) Cloud now supports OAuth 2 authentication for REST APIs in Oracle Cloud Infrastructure (OCI) / Gen 2 environments. This enhancement is a significant step forward in securing and simplifying API interactions by eliminating the need for password-based authentication. Here’s a detailed look at how to set up and use OAuth 2 authentication in Oracle EPM Cloud.
Setting Up OAuth 2 Authentication
The process involves several key steps:
- Register an OAuth Client: This is a one-time setup requiring interaction with the IDCS Administrator. The client application is registered in IDCS to obtain an access token, which is crucial for authorizing REST API calls.
- Obtain the First Refresh Token: This step also requires user interaction. A refresh token is essential for obtaining an access token and must be securely stored.
- Obtain an Access Token from the Refresh Token: This step can be automated and does not require user interaction. The access token is used as authorization to invoke REST APIs.
Detailed Steps for Implementation
- Registering an OAuth Client: The IDCS Administrator registers a client application in IDCS, authorizing it to access Oracle Cloud resources. This involves updating the service provider configuration and selecting appropriate grant types.
- Obtaining the First Refresh Token: The user issues an unauthenticated request to the Identity Cloud Service URL to get a valid refresh token. This involves using a
curlcommand with specific parameters and headers. - Obtaining an Access Token: Using the latest refresh token and client ID, the REST client issues a request to get a new access token. This token is then used as authorization while invoking REST APIs.
Security Considerations
It’s crucial to securely encrypt and store the client ID and any tokens. The REST client must ensure the secure storage of the refresh token and client ID. For EPM Automate, an epw file is used for this purpose.
Using the Access Token
To invoke an EPM Cloud REST API, the REST client must provide the access token in the authorization header. For example, to get the Automated Maintenance Window start time, a GET request is submitted to the EPM Cloud endpoint using the access token.
FAQs and Troubleshooting
The blog post also addresses common questions and issues related to OAuth 2 setup in Oracle EPM Cloud, such as the validity of configurations set up before EPM Cloud Release 23.07, modifying the expiry time of a refresh token, and handling various errors.
In summary, the integration of OAuth 2 authentication in Oracle EPM Cloud for OCI environments enhances security and streamlines the process of interacting with REST APIs. By following the outlined steps, users can effectively set up and manage OAuth 2 authentication in their Oracle EPM Cloud environments.
