Before we get started, Let's understand...
What is Oauth 2.0 Authentication?
OAuth 2.0 (Open Authorization 2.0) is an industry-standard authorization framework that allows third-party applications to access a user's resources (like their data or services) on another platform, without exposing the user's credentials. Instead of sharing usernames and passwords with a third-party application, users authenticate through a trusted authorization provider.
OAuth 2.0 issues tokens (access tokens) that the third-party application uses to access resources securely.
This token-based authentication eliminates the need to share passwords directly and allows fine-grained control over what resources a third-party app can access, and for how long.
OAuth 2.0 is widely adopted across many applications and services because it’s more secure, flexible, and user-friendly than traditional authentication methods.
How OAuth 2.0 Works in Simple Terms
1. User Login: A user logs in to a service via OAuth 2.0, granting permission for a third-party app to access specific resources on their behalf.
2. Token Issuance: Once permission is granted, the authorization server issues an access token.
3. API Access: The third-party application uses this access token to access protected resources (e.g., user data or APIs) from the resource server.
4. Token Validation: The resource server validates the access token before allowing access to the requested data.
OAuth 2.0 provides a secure, flexible, and user-friendly way to authorize applications without exposing sensitive user credentials.
Why OAuth 2.0 Is Ideal for Oracle APEX Applications
Oracle APEX provides a powerful platform for building web applications that integrate with databases, APIs, and external systems. By integrating OAuth 2.0 with your Oracle APEX application, you ensure that the data remains secure and accessible only to authorized users.
With OAuth 2.0, Oracle APEX applications can:
Step 1: Set Up Oracle APEX RESTful Services
1. Login to Oracle APEX:
2. Create a RESTful Web Service:
Here you can fetch the data after providing an access token.
Conclusion
Implementing OAuth 2.0 authentication in your Oracle APEX applications is an essential step towards enhancing both security and user experience. By following the steps outlined in this guide, you can easily set up OAuth 2.0 authentication for your REST API and connect to various external services without compromising sensitive user credentials.
OAuth 2.0 (Open Authorization 2.0) is an industry-standard authorization framework that allows third-party applications to access a user's resources (like their data or services) on another platform, without exposing the user's credentials. Instead of sharing usernames and passwords with a third-party application, users authenticate through a trusted authorization provider.
OAuth 2.0 issues tokens (access tokens) that the third-party application uses to access resources securely.
This token-based authentication eliminates the need to share passwords directly and allows fine-grained control over what resources a third-party app can access, and for how long.
OAuth 2.0 is widely adopted across many applications and services because it’s more secure, flexible, and user-friendly than traditional authentication methods.
How OAuth 2.0 Works in Simple Terms
1. User Login: A user logs in to a service via OAuth 2.0, granting permission for a third-party app to access specific resources on their behalf.
2. Token Issuance: Once permission is granted, the authorization server issues an access token.
3. API Access: The third-party application uses this access token to access protected resources (e.g., user data or APIs) from the resource server.
4. Token Validation: The resource server validates the access token before allowing access to the requested data.
OAuth 2.0 provides a secure, flexible, and user-friendly way to authorize applications without exposing sensitive user credentials.
Why OAuth 2.0 Is Ideal for Oracle APEX Applications
Oracle APEX provides a powerful platform for building web applications that integrate with databases, APIs, and external systems. By integrating OAuth 2.0 with your Oracle APEX application, you ensure that the data remains secure and accessible only to authorized users.
With OAuth 2.0, Oracle APEX applications can:
- Integrate easily with third-party services like Microsoft Azure,Slack, Twitter.
- Provide secure access to APIs without handling sensitive user credentials.
- Ensure flexible and granular permission settings, allowing users to control which parts of their data are accessible.
- Enable a user-friendly experience by leveraging SSO and external authentication mechanisms.
Step 1: Set Up Oracle APEX RESTful Services
1. Login to Oracle APEX:
- Go to your Oracle APEX workspace.
2. Create a RESTful Web Service:
- Navigate to SQL Workshop → RESTful Services → Module → Create Module.
- Give Module Name, Base Path and click Create. Note: Give " / " Before and After in Base Path as shown in the image.
- Click on Create Templete.
- Define URI Template and Click Create Template.
- To create handler, Select GET HTTP Method and Provide source code from where you want to fatch the data.
- Navigate to left pane → Roles → Create Roles.
- Here we just need to define Role Name and Click on Create Role.
- Navigate to Left Pane → Privileges → Create Privilege.
- Provide Privilege Name,Role Name and Module Name - which we just created and Click Create Privilege.
- Run the Following PL/SQL code to Create Client in your SQL Command:
- Run the Follwing PL/SQL code to Get the Client ID and Client Secret.
- select client_ID,client_secret from user_ords_clients where name = 'Get_Employees';
OAUTH.CREATE_CLIENT(
p_name => 'Get_Employees',
p_grant_type => 'client_credentials',
p_owner => 'demo',
p_description => 'oauth client user',
p_support_email => 'abc@gmail.com',
p_privilege_names => 'privilege_employee');
OAUTH.GRANT_CLIENT_ROLE(
p_client_name => 'Get_Employees',
p_role_name => 'role_employee'
);
COMMIT;
END;
- Go to your Postman Workspace, Right Click on three dots and select Add Request.
- Select POST Method from the List and Provide URL to Generate Token.
- URL is divided in two parts:
1. Your workspace URL. In this Example: https://apex.oracle.com/pls/apex/monvi
2. Token URL : oauth/token - Navigate to Authentication → Basic Auth. and Provide your Client ID and Client Secret which we create earlier.
- Hit the Send Button to get the Token.
- Check the Status.(200OK) if not 200OK, will have error.
- Copy the Access Token which you can see in an output.
- Add one more request to get the data using the same process but now use the GET Method.
- Provide your API URL
- Navigate to Authontication → Bearer Token → Paste Access Token → Click on send.
Here you can fetch the data after providing an access token.
Conclusion
Implementing OAuth 2.0 authentication in your Oracle APEX applications is an essential step towards enhancing both security and user experience. By following the steps outlined in this guide, you can easily set up OAuth 2.0 authentication for your REST API and connect to various external services without compromising sensitive user credentials.
Comments
Post a Comment