{"id":269508,"date":"2024-03-04T09:55:47","date_gmt":"2024-03-04T08:55:47","guid":{"rendered":"https:\/\/promatis.com\/hr\/accessing-e-business-suite-cloud-manager-apis-idcs-token-management\/"},"modified":"2024-03-14T10:12:36","modified_gmt":"2024-03-14T09:12:36","slug":"accessing-e-business-suite-cloud-manager-apis-idcs-token-management","status":"publish","type":"post","link":"https:\/\/promatis.com\/hr\/accessing-e-business-suite-cloud-manager-apis-idcs-token-management\/","title":{"rendered":"Accessing E-Business Suite Cloud Manager APIs - IDCS Token Management"},"content":{"rendered":"
[et_pb_section fb_built=\"1\" custom_padding_last_edited=\"on|tablet\" disabled_on=\"off|off|off\" admin_label=\"Sektion\" _builder_version=\"4.17.6\" _module_preset=\"default\" custom_padding=\"5vh||5vh||true|false\" custom_padding_tablet=\"5vh||5vh||true|false\" custom_padding_phone=\"5vh||5vh||true|false\" locked=\"off\" global_colors_info=\"{}\" global_module=\"266178\" theme_builder_area=\"post_content\"][et_pb_row column_structure=\"1_4,3_4\" _builder_version=\"4.17.6\" _module_preset=\"default\" custom_margin=\"||0px||false|false\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_column type=\"1_4\" _builder_version=\"4.17.6\" _module_preset=\"default\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_image src=\"https:\/\/promatis.com\/wp-content\/uploads\/2022\/07\/johannes-michler.png\" alt=\"Johannes Michler PROMATIS Horus Oracle\" title_text=\"johannes-michler\" _builder_version=\"4.20.2\" _module_preset=\"default\" width=\"90%\" custom_margin=\"0vh||0vh||true|false\" border_radii=\"on|516px|516px|516px|516px\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][\/et_pb_image][\/et_pb_column][et_pb_column type=\"3_4\" _builder_version=\"4.17.6\" _module_preset=\"default\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_text ul_type=\"square\" _builder_version=\"4.21.0\" _module_preset=\"default\" text_font=\"Open Sans||||||||\" link_font=\"Open Sans||||on|||gcid-0becd5ff-19fc-4653-a221-c8c75771a987|\" link_text_color=\"gcid-0becd5ff-19fc-4653-a221-c8c75771a987\" link_font_size=\"22px\" ul_font=\"Open Sans||||||||\" ul_font_size=\"17px\" ul_line_height=\"1.6em\" header_text_color=\"gcid-32812186-bc94-4de4-814c-2bf202477fd5\" header_2_text_color=\"gcid-32812186-bc94-4de4-814c-2bf202477fd5\" header_2_line_height=\"1.6em\" header_3_text_color=\"gcid-32812186-bc94-4de4-814c-2bf202477fd5\" header_4_text_color=\"gcid-32812186-bc94-4de4-814c-2bf202477fd5\" header_5_text_color=\"gcid-32812186-bc94-4de4-814c-2bf202477fd5\" header_6_text_color=\"gcid-32812186-bc94-4de4-814c-2bf202477fd5\" header_6_font_size=\"16px\" custom_margin=\"2vh||0px||false|false\" custom_padding=\"||||true|false\" hover_enabled=\"0\" text_font_size_tablet=\"20px\" text_font_size_phone=\"17px\" text_font_size_last_edited=\"on|tablet\" header_font_size_tablet=\"\" header_font_size_phone=\"28px\" header_font_size_last_edited=\"on|phone\" global_colors_info=\"{%22gcid-32812186-bc94-4de4-814c-2bf202477fd5%22:%91%22header_text_color%22,%22header_2_text_color%22,%22header_3_text_color%22,%22header_4_text_color%22,%22header_5_text_color%22,%22header_6_text_color%22,%22header_text_color%22,%22header_2_text_color%22,%22header_3_text_color%22,%22header_4_text_color%22,%22header_5_text_color%22,%22header_6_text_color%22,%22header_text_color%22,%22header_2_text_color%22,%22header_3_text_color%22,%22header_4_text_color%22,%22header_5_text_color%22,%22header_6_text_color%22%93,%22gcid-0becd5ff-19fc-4653-a221-c8c75771a987%22:%91%22link_text_color%22%93}\" theme_builder_area=\"post_content\" sticky_enabled=\"0\"]<\/p>\n
[\/et_pb_text][et_pb_text ul_type=\"square\" _builder_version=\"4.20.0\" _module_preset=\"default\" text_font=\"Open Sans||||||||\" link_font=\"Open Sans||||on||||\" link_text_color=\"#00A9A0\" ul_font=\"Open Sans||||||||\" ul_font_size=\"17px\" ul_line_height=\"1.6em\" header_text_color=\"gcid-32812186-bc94-4de4-814c-2bf202477fd5\" header_2_text_color=\"gcid-32812186-bc94-4de4-814c-2bf202477fd5\" header_2_line_height=\"1.6em\" header_3_text_color=\"gcid-32812186-bc94-4de4-814c-2bf202477fd5\" header_4_text_color=\"gcid-32812186-bc94-4de4-814c-2bf202477fd5\" header_5_text_color=\"gcid-32812186-bc94-4de4-814c-2bf202477fd5\" header_6_text_color=\"gcid-32812186-bc94-4de4-814c-2bf202477fd5\" header_6_font_size=\"16px\" custom_margin=\"1vh||0px||false|false\" custom_padding=\"||||true|false\" text_font_size_tablet=\"20px\" text_font_size_phone=\"17px\" text_font_size_last_edited=\"on|tablet\" header_font_size_tablet=\"\" header_font_size_phone=\"28px\" header_font_size_last_edited=\"on|phone\" global_colors_info=\"{%22gcid-32812186-bc94-4de4-814c-2bf202477fd5%22:%91%22header_text_color%22,%22header_2_text_color%22,%22header_3_text_color%22,%22header_4_text_color%22,%22header_5_text_color%22,%22header_6_text_color%22%93}\" theme_builder_area=\"post_content\"]<\/p>\n
[\/et_pb_text][et_pb_text ul_type=\"square\" _builder_version=\"4.20.0\" _module_preset=\"default\" text_font=\"Open Sans||||||||\" text_text_color=\"gcid-0becd5ff-19fc-4653-a221-c8c75771a987\" text_font_size=\"22px\" link_font=\"Open Sans||||on||||\" link_text_color=\"#00A9A0\" ul_font=\"Open Sans||||||||\" ul_font_size=\"17px\" ul_line_height=\"1.6em\" header_text_color=\"gcid-32812186-bc94-4de4-814c-2bf202477fd5\" header_2_text_color=\"gcid-32812186-bc94-4de4-814c-2bf202477fd5\" header_2_line_height=\"1.6em\" header_3_text_color=\"gcid-32812186-bc94-4de4-814c-2bf202477fd5\" header_4_text_color=\"gcid-32812186-bc94-4de4-814c-2bf202477fd5\" header_5_text_color=\"gcid-32812186-bc94-4de4-814c-2bf202477fd5\" header_6_text_color=\"gcid-32812186-bc94-4de4-814c-2bf202477fd5\" header_6_font_size=\"16px\" custom_margin=\"5px||0px||false|false\" custom_padding=\"||||true|false\" text_font_size_tablet=\"20px\" text_font_size_phone=\"17px\" text_font_size_last_edited=\"on|tablet\" header_font_size_tablet=\"\" header_font_size_phone=\"28px\" header_font_size_last_edited=\"on|phone\" global_colors_info=\"{%22gcid-32812186-bc94-4de4-814c-2bf202477fd5%22:%91%22header_text_color%22,%22header_2_text_color%22,%22header_3_text_color%22,%22header_4_text_color%22,%22header_5_text_color%22,%22header_6_text_color%22,%22header_text_color%22,%22header_2_text_color%22,%22header_3_text_color%22,%22header_4_text_color%22,%22header_5_text_color%22,%22header_6_text_color%22,%22header_text_color%22,%22header_2_text_color%22,%22header_3_text_color%22,%22header_4_text_color%22,%22header_5_text_color%22,%22header_6_text_color%22%93,%22gcid-0becd5ff-19fc-4653-a221-c8c75771a987%22:%91%22text_text_color%22%93}\" theme_builder_area=\"post_content\"]<\/i><\/a><\/i><\/a><\/i><\/a>[\/et_pb_text][\/et_pb_column][\/et_pb_row][\/et_pb_section][et_pb_section fb_built=\"1\" _builder_version=\"4.16\" _module_preset=\"default\" custom_padding=\"0vh||10vh||false|false\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_row use_custom_gutter=\"on\" _builder_version=\"4.17.3\" _module_preset=\"default\" custom_padding=\"0px||0px||true|false\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_column type=\"4_4\" _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_text _builder_version=\"4.23.1\" _module_preset=\"default\" background_enable_color=\"off\" custom_padding=\"0px||0px||true|false\" hover_enabled=\"0\" inline_fonts=\"Times New Roman\" global_colors_info=\"{%22gcid-32812186-bc94-4de4-814c-2bf202477fd5%22:%91%22header_text_color%22,%22header_2_text_color%22,%22header_3_text_color%22%93,%22gcid-0becd5ff-19fc-4653-a221-c8c75771a987%22:%91%22background_color%22%93}\" theme_builder_area=\"post_content\" sticky_enabled=\"0\"]Previously (https:\/\/promatis.com\/hr\/fully-automating-cloning-with-e-business-suite-cloud-manager-rest-api\/<\/a>), I described how you can use (unofficial) APIs to fully automate E-Business Suite environments hosted with Cloud Manager on Oracle Cloud Infrastructure (OCI). As you can see there, the actual call to trigger a clone or also the termination of an environment is rather simple. I've recently used that a lot when I worked on my clone scripts. In that process, I had to create ~10 clones, and doing so with a simple REST call saved me a lot of time.<\/p>\n In said post, we got hold of a \"OAuth Bearer Token\" that is needed to call those APIs in a very manual way \"through the browser\". In real life, this does not really come in handy. This blog post will describe how a bearer token (including a refresh token) can be received through the command line.<\/p>\n In preparation for using the scripts shown below, we have to enable the usage of \"Device Codes\" for the Cloud Manager application in IDCS:<\/p>\n Furthermore you should take note of the client_id, the client_secret and the IDCS url. All 3 have also been used during Cloud Manager setup.<\/p>\n First of all, the following shell script does all the magic needed. You have to replace XXXXX, YYYYY and ZZZZZ with values from your environment:<\/p>\n When you call this script for the first time, it gives an output as follows:<\/p>\n {\"device_code\":\"xxxxxx\",\"user_code\":\"CTHJNLAM\",\"verification_uri\":\"https:\/\/idcs-ZZZZZ.identity.oraclecloud.com:443\/ui\/v1\/device\",\"expires_in\":300}<\/p>\n identified DEVICE_CODE 483150ce7704487da495593d1c97c2a4 press enter when done<\/p>\n Just open the verification URI provided in a browser, sign in to IDCS and pass the user_code CTHJNLAM.<\/p>\n Then, return to the shell script and press return. This will allow the script to get a Bearer Token including a Refresh token.<\/p>\n On every subsequent run, the \"previous\" refresh token (stored in the file mytoken) is exchanged for an access token and a new refresh token. That new refresh token is saved (each refresh token is a one-time-use token) and can then be used for the next run.<\/p>\n Using the access token we received through that way, we can conveniently access the Cloud Manager APIs.<\/p>\n With the above way, you can get a token that is valid for at least a week. For most operations this should be sufficient; if not, these timings can be extended in IDCS. See https:\/\/docs.oracle.com\/en\/cloud\/paas\/identity-cloud\/rest-api\/TokenExpiryTable.html<\/a> for more details on that (OAuth Refresh Token Expiry).<\/p>\n The combination of the procedure described in this and the previous blog post allow a simple and complete end-to-end automation of clones - e.g. on a nightly basis.[\/et_pb_text][\/et_pb_column][\/et_pb_row][\/et_pb_section]<\/p>\n","protected":false},"excerpt":{"rendered":" In a previous post, we got hold of a \"OAuth Bearer Token\" that is needed to call those APIs in a very manual way \"through the browser\". In real life, this does not really come in handy. This blog post will describe how a bearer token (including a refresh token) can be received through the command line.<\/p>\n","protected":false},"author":2,"featured_media":267572,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"on","_et_pb_old_content":"","_et_gb_content_width":"","footnotes":""},"categories":[386],"tags":[535,536],"dipi_cpt_category":[],"yoast_head":"\n
Executive Vice President<\/strong> \u2013\u00a0Head of Platforms\u00a0&\u00a0Development<\/p>\nPreparations<\/h2>\n
\nDefinition of Cloud Manager application in IDCS
\n<\/em><\/p>\nA piece of Code<\/h2>\n
#!\/bin\/sh\r\nCLIENT_ID=\"XXXXX\" # as in IDCS\r\nCLIENT_SECRET=\"YYYYY\" # as in IDCS\r\nCLOUDMGR_URL=https:\/\/ebsoci.intern.dns\r\nIDCS_BASE_URL=https:\/\/idcs-ZZZZZ.identity.oraclecloud.com\/oauth2\/v1\r\nIDCS_TOKEN_URL=${IDCS_BASE_URL}\/token\r\nIDCS_DEVICE_URL=${IDCS_BASE_URL}\/device\r\n\r\nPASS_ENC=`echo -n \"$CLIENT_ID:$CLIENT_SECRET\" | base64 -w 0`\r\n\r\n#echo PASS_ENC $PASS_ENC\r\n\r\nif [ -f \"mytoken\" ]; then\r\nREFRESH_TOKEN=`cat mytoken | jq '.refresh_token'| tr -d '\"'`\r\necho refresh token: $REFRESH_TOKEN\r\nBEARER_TOKEN=`curl -K -i -H 'Authorization: Basic '\"$PASS_ENC\"'' -H 'Content-Type: application\/x-www-form-urlencoded;charset=UTF-8' --request POST $IDCS_TOKEN_URL -d 'grant_type=refresh_token&refresh_token='\"$REFRESH_TOKEN\"`\r\ncp mytoken mytoken.old\r\nelse\r\nDEVICE_INFO=`curl -K -i -H 'Authorization: Basic '\"$PASS_ENC\"'' -H 'Content-Type: application\/x-www-form-urlencoded;charset=UTF-8' --request POST $IDCS_DEVICE_URL -d 'response_type=device_code&scope=urn:opc:idm:t.user.me%20offline_access&client_id='\"$CLIENT_ID\"`\r\necho $DEVICE_INFO\r\nDEVICE_CODE=`echo $DEVICE_INFO | jq '.device_code'|tr -d '\"'`\r\necho identified DEVICE_CODE $DEVICE_CODE press enter when done\r\nread HAS_FINISHED\r\nBEARER_TOKEN=`curl -K -i -H 'Authorization: Basic '\"$PASS_ENC\"'' -H 'Content-Type: application\/x-www-form-urlencoded;charset=UTF-8' --request POST $IDCS_TOKEN_URL -d 'grant_type=urn:ietf:params:oauth:grant-type:device_code&device_code='\"$DEVICE_CODE\"`\r\nfi\r\n\r\necho $BEARER_TOKEN\r\necho $BEARER_TOKEN > mytoken\r\nACCESS_TOKEN=`echo $BEARER_TOKEN| jq '.access_token'| tr -d '\"'`\r\necho ACCESS_TOKEN: $ACCESS_TOKEN\r\n\r\n# call the rest api to get shapes\r\n#\r\n\r\ncurl -k -X GET $CLOUDMGR_URL\/ebs\/shapes\/networkProfile\/MY_AD2 -H 'Authorization: Bearer '\"$ACCESS_TOKEN\"''<\/pre>\n
First running the script<\/h3>\n
Subsequent runs<\/h3>\n
Summary<\/h2>\n