Creating a 3-legged OAuth Application in IDCS
Where is the simple "shake 'n' bake" / step-by-step guide to creating a 3-legged, Authorization Code flow OAuth client in IDCS?
Right here!
1: From the Dashboard in IDCS, click the + under Applications to create a new Application
2: Select Confidential Application because we're creating a 3-legged app
3: Fill in the first screen
Only name is required, and if you aren't sure what the other fields mean that's all you should enter.
4: Configure the App
IDCS supports basically all of the OAuth 2 grant types, so we need to tell it what kind of app we're using.
On this screen you need to:
a. select "Configure this application as a client now" to light up the rest of this screen.
b. select Authorization Code (since that's the kind of app we want)
c. Provide the Redirect URL. After the user logs in and IDCS creates an Authorization Code, it will send the user's browser to this URL with that code as a query string parameter. If you don't know what should go here, check your application's documentation.
5: Next your way through the "Resources", "Web Tier Policy", and "Authorization" screens
We don't need any of that for this application, so just hit Next until you get to the last screen and can click the Finish button.
6: Click Finish and you will be shown the Client ID and Secret
NOTE: Don't go away, there's still one more step!
You are going to need these to configure your app, so copy/paste these values somewhere safe.
7: Click Activate
By default IDCS creates new apps in a disabled / unactivated state. Until you click the Activate button your client app will not be able to talk to IDCS.
Click the Activate button in the upper right-hand corner, and then click the green Activate button.
8: Note the green status bar telling you that you're all set
Congratulations! You've created your first OAuth client in IDCS.
Your app can now force users to log in via IDCS and you can figure out who the user is. Apps that use IDCS as their OAuth server can do quite a bit more, but that's a subject for another post.
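As an added example (not code from the original post or from Oracle), here is the client side of the flow the app runs once it is configured with the Client ID, Secret and Redirect URL from the steps above, following the generic OAuth 2.0 authorization code messages. The tenant URL, credentials, redirect URL, the `openid` scope and the `/oauth2/v1/authorize` and `/oauth2/v1/token` paths are assumptions to check against your own tenant.

```python
import base64
import hmac
from urllib.parse import parse_qs, urlencode, urlsplit

# Placeholders (assumptions, not values from the post); endpoint paths are assumed too.
IDCS_BASE = "https://idcs-EXAMPLE.identity.oraclecloud.com"
CLIENT_ID = "EXAMPLE_CLIENT_ID"            # from the final screen in step 6
CLIENT_SECRET = "EXAMPLE_CLIENT_SECRET"    # load from a secret store in real use
REDIRECT_URI = "https://app.example.com/callback"  # the Redirect URL from step 4c


def build_authorize_url(state):
    """Front channel: where the app sends the browser so the user logs in."""
    params = {"response_type": "code", "client_id": CLIENT_ID,
              "redirect_uri": REDIRECT_URI, "scope": "openid", "state": state}
    return f"{IDCS_BASE}/oauth2/v1/authorize?{urlencode(params)}"


def code_from_callback(callback_url, expected_state):
    """Pull the authorization code out of the redirect, rejecting bad callbacks."""
    got, want = urlsplit(callback_url), urlsplit(REDIRECT_URI)
    if (got.scheme, got.netloc, got.path) != (want.scheme, want.netloc, want.path):
        raise ValueError("callback does not match the registered Redirect URL")
    query = parse_qs(got.query)
    if "error" in query:
        raise ValueError(f"authorization failed: {query['error'][0]}")
    # state ties the callback to the login this browser session started (CSRF check)
    state = query.get("state", [""])[0]
    if not expected_state or not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    codes = query.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one code parameter")
    return codes[0]


def build_token_request(code):
    """Back channel: (url, headers, body) for the code-for-token POST."""
    basic = base64.b64encode(f"{CLIENT_ID}:{CLIENT_SECRET}".encode()).decode()
    headers = {"Authorization": f"Basic {basic}",
               "Content-Type": "application/x-www-form-urlencoded"}
    body = urlencode({"grant_type": "authorization_code", "code": code,
                      "redirect_uri": REDIRECT_URI})
    return f"{IDCS_BASE}/oauth2/v1/token", headers, body
```

Generate `state` per login with `secrets.token_urlsafe(32)`, keep it in the user's session, and send the token request only from the server so the Secret never reaches the browser.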