|
| 07:54:32 | * Chaitanya Koratamaddi | Good Morning / Evening everyone! Thanks for joining today’s APEX Office Hours. This session will be recorded and so we request you to please turn off your Video. Thanks. |
| 07:57:44 | Sven Weller | Oh interesting: apex.oracle.com will be unavailable from Friday, March 8th 18:00 PST to Saturday, March 9th, 18:00 PST. During this time, the underlying database will be upgraded to Oracle Database 18.3. |
| 07:57:58 | tercio.costa | nice! |
| 08:01:21 | * David Peake | Remember to ask questions here in the chat as we go through! |
| 08:04:16 | * Christian Neumüller | Here is another article about Social Sign-In with the Oracle Cloud: https://wphilltech.com/apex-auth-n-using-idcs/ |
| 08:04:54 | Scott Wesley | I have one, too http://www.grassroots-oracle.com/2019/01/social-sign-in-authentication-scheme.html |
| 08:06:53 | Jerry (Gerald) Sidler | What version is this demo covering.. I am in apex 5 |
| 08:07:09 | * Christian Neumüller | The demo is on apexea.oracle.com - APEX 19.1 |
| 08:07:15 | Scott Wesley | social sign-in needs 18.x, but all these in current screen are whenever |
| 08:07:59 | Jerry (Gerald) Sidler | TY.. That is what I thought particularly interested in Auth2 I believe that is 18 |
| 08:08:23 | Jerry (Gerald) Sidler | Oauth2 that is |
| 08:08:35 | * Christian Neumüller | Correct, first shipped with 18.1. |
| 08:21:10 | Scott Wesley | General security question: Would someone please elaborate why is it recommended to turn on workspace isolation for rejoing sessions? https://docs.oracle.com/database/apex-5.1/HTMDB/understanding-administrator-security-best-practices.htm#HTMDB29961 |
| 08:23:15 | * Christian Neumüller | It's mainly necessary when you have applications/workspaces with different security levels. Having different hostnames for the workspaces provides isolation for session cookies, etc. |
| 08:24:23 | Eric | does the url that you send to the oauth2 provider need to be a public facing url to be able to use oauth2? |
| 08:24:25 | * Christian Neumüller | Otherwise, a malicious or compromised app could affect other apps |
| 08:24:56 | * Christian Neumüller | @Eric, no, when developing the feature I used APEX instances on internal servers |
| 08:25:39 | Scott Wesley | So a one-workspace environment doesn't really have that risk? |
| 08:26:14 | * Christian Neumüller | No, that isolation feature does not provide additional benefit for a one-workspace env |
| 08:26:26 | Rodrigo Mesquita | Hi Marc, are you going to make this app available to be downloaded? |
| 08:26:32 | Scott Wesley | Thank you, that makes sense. |
| 08:26:54 | * Christian Neumüller | NP! |
| 08:33:10 | Benjamin Intsiful | How can you make Google sign-in auth sessiont valid for longer than 1 hour?A use case is after an hour mails sent from the apex application are not sent. Using google suite in this case |
| 08:34:44 | Benjamin Intsiful | Addendum: After re-login with new session,it works. |
| 08:35:43 | DeeDee.Anders | does anyone have instructions on authenticating using CAS with Apex 5.x ??? |
| 08:36:39 | * Christian Neumüller | @Benjamin After login, APEX stores the access token for the session. The access token is valid for 1 hour. As long as it's valid, you can use APEX_WEB_SERVICE calls to retrieve additional information. When the token times out, you get these errors. During sign-in, Google also sends a refresh token. We could use this to get a new access token. That has not implemented yet, though. |
| 08:38:27 | * Christian Neumüller | @DeeDee, if CAS support OAuth2 or better OpenID Connect, you could APEX >= 18.1. For older versions or if you need to use SAML (which we don't support natively), perhaps you could use some Apache module in combination with APEX HTTP header based authentication. |
| 08:40:47 | Benjamin Intsiful | I figured that out there was a grant_type=refresh_token but its implementation was missing. Hopefully it gets implemen |
| 08:41:15 | * Christian Neumüller | It's on my list |
| 08:41:16 | Benjamin Intsiful | *implemented in the next release :) |
| 08:41:33 | * Christian Neumüller | I'll try, but no guarantees ;-) |
| 08:41:47 | * David Peake | *Safe Harbor* |
| 08:41:54 | Benjamin Intsiful | yay! Thanks @Christian hahaha |
| 08:43:48 | JimCzuprynski | Christian, it would be great if you could send the chat notes along as well after the session is done - lots of great info here!! (Yeah, I know, I could save it too.) :) |
| 08:44:20 | * Joel Kallman | @Jim - it will all be made available. |
| 08:44:25 | Scott Wesley | they always seems to get formally published |
| 08:45:27 | JimCzuprynski | Marvellous! Thanks. Will the demo / preso be made available publicly too? I'd like to reference it in an article on APEX I'm working on right now ... |
| 08:46:29 | Sandi | can we enable region specific social login? |
| 08:47:43 | * David Peake | @Jim - Yes we will link to the chat and slides in the description of the video once up on YouTube |
| 08:48:23 | * Christian Neumüller | @Sandi Can you please clarify? |
| 08:49:20 | Sandi | what If I want people from US only can access app using there Facebook login. |
| 08:50:50 | * Christian Neumüller | @Sandi If this is a multi-auth app with a login page as in Marc's example, you can conditionally enable or disable buttons, based on IP addresses |
| 08:50:54 | Eric | what about authorization via roles |
| 08:51:21 | Scott Wesley | what sort of roles? |
| 08:52:06 | Paul | Maybe a new sample app for social login ;) |
| 08:52:49 | EJ Egyed | are there any plans to support WebAuthn authentication? |
| 08:53:52 | chris foote | Is there a why to display or access the whole JSON object that is return from the auth provider in the post auth function? to verfiy what is returned |
| 08:54:42 | Adrian | Niels and I both have a SAML2 SSO integration guides for APEX 5.1 published. Search online. :-) |
| 08:56:24 | Bala | Will this presentation be available publicily for reference |
| 08:56:27 | Eric | @Scott Say in your organization you have people grouped into various roles (Administration, Data Entry, etc.) |
| 08:56:40 | * Tim St. Hilaire | Presentation - yes. |
| 08:56:45 | Paul | thank you |
| 08:56:50 | Niels de Bruijn | Thanks |
| 08:56:52 | Bala | Thanks |