Managing Authorization Using the API

The identity domains REST API supports both token-based authorization and OCI request signatures. For security reasons, the identity domains REST API isn't accessible using only the username and password that you use to sign in to the identity domain. To access the identity domains REST API, you need an OAuth2 access token or an API key to use for authorization.

identity domains REST API use the OAuth 2.0 protocol for authentication and authorization and support these common authorization scenarios:

Web server
Mobile
JavaScript applications

The Authorization section discusses the OAuth 2.0 scenarios that identity domains support.

This section contains the following topics:

Registering a Client Application
Security Recommendations
Scopes
Access Grant Types
Supported Tokens
Token Validation
Working with AppRoles
Authentication and On-Demand MFA API HTTP Status Codes
Authentication and On-Demand MFA API Error Codes

Oracle Cloud Infrastructure Documentation

Managing Authorization Using the API