Generate and Use Access Tokens in REST API and CLI Payloads (IDCS)

(Oracle Identity Cloud Service only) If you want to create an Oracle Analytics Cloud instance programmatically, you must generate an access token that you can include in the payload for REST API and CLI create operation. Access tokens are set to expire after a certain time period so you might need to repeat this task for subsequent create operations. By default, access tokens are valid for one hour (3600 seconds).

Note

These instructions are for tenancies that use Oracle Identity Cloud Service (IDCS). If your tenancy uses identity domains you don't need to generate an access token to use the CLI or REST API.

You can generate access tokens using the Console or programmatically (using CLI or an API).

To generate access tokens from the Console:

  1. Sign in to your Oracle Cloud account as an administrator.
  2. In Oracle Cloud Infrastructure Console, navigate to Identity & Security, click Federation, select OracleIdentityCloudService, and then click the Oracle Identity Cloud Service Console URL.
  3. Navigate to the Applications tab, and click the application that you previously created to generate tokens. For example, Analytics_Token_App.
  4. Click Generate Access Token.
    Generate access token
  5. Select Customized Scopes.
  6. Select Invokes Identity Cloud Service APIs, and specify Me.
  7. Click Download Token and save the tokens.tok file.

    tokens.tok contains the access token with the attribute name app_access_token.

    Download token
  8. Open tokens.tok.

    For example:

    {"app_access_token":"eyJ4NXQjUzI...0jxcCw5oR0ajaNw"}
  9. Copy the access token value between the quotes. For example, the value eyJ4NXQjUzI...0jxcCw5oR0ajaNw.
  10. To create an Oracle Analytics Cloud instance with this access token, do one of the following:
    • REST API CreateAnalyticsInstance: Specify the token value in the parameter idcsAccessToken.
    • CLI analytics-instance create: Copy the token value to a file and specify the name of the file in the CLI parameter --idcs-access-token-file [filename].
To generate access tokens using an API or CLI:
  1. Generate the access token using an API or from the CLI. For example:
    curl 
    -X POST 
    -u "<client_id>:<client_secret>" 
    -H 'content-type: application/x-www-form-urlencoded;charset=UTF-8' 
    -d "grant_type=password" 
    -d "username=<user>" 
    -d "password=<password>" 
    -d 'scope=urn:opc:idm:t.user.me' 
    "https://<stripe>.identity.oraclecloud.com:443/oauth2/v1/token"

    The command returns a JSON response similar to this:

    {"access_token":"eyJ4NXQjUzI...0jxcCw5oR0ajaNw","token_type":"Bearer","expires_in":3600}
    
  2. Copy the access token from the JSON. For example,eyJ4NXQjUzI...0jxcCw5oR0ajaNw.
  3. To create an Oracle Analytics Cloud instance with this access token, do one of the following:
    • REST API CreateAnalyticsInstance: Specify the token value in the parameter idcsAccessToken.
    • CLI analytics-instance create: Copy the token value to a file and specify the name of the file in the CLI parameter --idcs-access-token-file [filename].