Open in app

Sign in

Write

Sign in

Oracle Analytics Cloud Embedding — changing the IDCS token timeout

Mike Durran
2 min readAug 7, 2020

Introduction

If you’ve been following the blogs I’ve written on embedding Oracle Analytics Cloud (OAC) canvases in your own web pages and applications, in particular using tokens for authentication, then you may have noticed that the default timeout for tokens is 100 seconds. You may want to increase this setting.

You’ll find this configuration setting by navigating to the Oracle IDCS Console, then navigate to the Oracle Cloud Services option, and then the actual OAC instance you are working with. You can then find the Access Token Expiration setting under the ‘Configuration’ | ‘Resources’ section.

Another way of changing the token timeout value is to use the IDCS API to patch the OAC IDCS application and I will describe that process in the rest of this blog.

IDCS API to Update an App

The product documentation for the IDCS API to update an App is available at this link. An example of the curl command we need to execute to patch an OAC IDCS app is as follows, replacing the <items> with your specific values:

curl --request PATCH \
  --url https://<IDCS-instance>.identity.oraclecloud.com/admin/v1/Apps/<AppID> \
  --header 'authorization: Bearer <token>' \
  --header 'content-type: application/json' \
  --data '{
  "schemas": [
    "urn:ietf:params:scim:api:messages:2.0:PatchOp"
  ],
  "Operations": [
    {
      "op": "replace",
      "path": "redirectUris",
      "value": [
        "<URL for OAC instance>"
      ]
    },
    {
      "op": "replace",
      "path": "accessTokenExpiry",
      "value": 3600
    },
    {
      "op": "replace",
      "path": "refreshTokenExpiry",
      "value": 86400
    },
    {
      "op": "replace",
      "path": "allowOffline",
      "value": true
    }
  ]
}'

You can obtain the AppID from the OAC IDCS instance in the App Details field. You also need to get a bearer token for the IDCS OAC App in order to run this curl command. To get a bearer token, you first need to get a base64 encoded clientID:clientSecret using a command such as:

echo -n "<clientID:ClientSecret>" | base64

Use the base64 encoded clientID and Secret in the following curl command to get a bearer token:

curl --request POST https://<IDCS-instance>.identity.oraclecloud.com/oauth2/v1/token -H 'Authorization: Basic <base64 encoded clientID:clientSecret>' -H 'Content-Type: application/x-www-form-urlencoded;charset=UTF-8' -d 'grant_type=client_credentials&scope=urn:opc:idm:__myscopes__'

You then pass the bearer token returned from this curl command into the initial curl command at the start of this blog, substituting the values for redirectURIs and the token expiry times in seconds.

--

--

Mike Durran

Written by Mike Durran

207 Followers

Analytics Product Manager at Oracle. [All content and opinions are my own]

Help

Status

About

Careers

Blog

Privacy

Terms

Text to speech

Teams