I have the same question. I am surprised that Oauth2 integration is highlighted in the announcement of the new listener but there is so little documentation on its use. Surely there must be some experts at Oracle who can point us to some documentation or provide some examples. Our use case is pretty straightforward, I want to use Oauth2 authentication between an application and a RESTful web service while the user authentication uses CAS. We have CAS user auth working successfully with basic auth between application and web service but now want to use Oauth2 for application level authentication.
Hi, Gemma and others interested,
I did post question at Oracle Support and I also let them know that there was a thread already started at this Forum.
My research on topic makes me suspect that Oauth2 is expected to be set up at the Application Server layer so in our case Weblogic. There are some Spring or Jersey libraries that integrate with Oauth2 that can be used at the App Server. So I assume the implementation will be similar to the way we had to implement CAS (Yale Central Authentication Service)where Weblogic 'takes care' of the interaction with CAS and then passes the 'remote_user' to Apex HTTP_Header authentication scheme. However, Oauth2 seems to allow for application level authentication which is what I am very interested in using. I want to have the user authenticate via CAS which we already have working, but I want the application to 'authenticate' via Oauth2. We have basic authentication working at the application level as well, but we prefer to use Oauth2.
What would be helpful to know are how to 'register an application' as described in the Oracle documentation "RESTful Web Services for Oracle Cloud, Sept. 2012" which states:
"To allow a specific application to access RESTful Web Services, you register the application to get the appropriate
credentials to use during the request token phase of OAUTH2 authentication. Once you have registered an
application that will use a set of RESTful Web Services, you can further limit access based on the identity of the
user making the RESTful Web Service call. "
So it seems that we are due some very basic documentation from Oracle to learn how to get Oauth2 working with Apex, otherwise we are being 'left in the lurch' with regard to this very attractive capability. Perhaps a Weblogic or other JEE app server (Glassfish?) expert who has worked with Oauth2 might also be able to help in this regard.
I am sending our Weblogic engineer the documentation on Oauth2 found, for example, in:
But we will still have a gap even if he figures out Oauth2 with WEblogic -- how to get the credentials working with an Apex Application.
Surprised there have been no responses to this question on the forum. I hear on good authority that Apex Listener 2.0.2 will be coming that will fix some issues with RESTful web services and that there will be more developer documentation coming on Oauth2.
Has anyone in Apex user community done any Oauth2 implementation with Apex RESTful web services?
We have decided to defer releasing documentation on how to leverage OAuth 2.0 until the next patch release of Listener. I will update this thread as soon as the patch is released (I cannot give guidance on when the patch will be available).
Thanking you for your patience,
I just got a notice from Oracle Support that better documentation is now available for OAuth2 in the docs folder of the 2.0.2 download. We just installed 2.0.2 and, yes, there is much better documentation on Oauth2 and on setting up RESTful services for Blob support. We haven't tried any of this yet.