Skip to Main Content
Feature Request FR-4228
Product Area Security
Status ROADMAP

1 Voters

Default Token URL for WEB CREDENTIALS

nicolas pilot Public
· Jan 23 2025

Idea Summary
Add a new attribute “default_token_url” to WEB CREDENTIALS

Use Case
Currently, every time we use a web credential, we must specify the 'token URL,' which is often the same value. To simplify this, it would be helpful to set a default 'token URL' directly in the web credential, reducing the need for repeated specification.

This is currently on the roadmap for a future release of Oracle APEX.

Comments

Comments

  • carsten.czarski APEX Team OP 7 days ago

    Is your use-case about APEX_DATA_PARSER or do you also have other use-cases in mind?

  • nicolas pilot OP 7 days ago

    When using apex_web_service.make_rest_request with a web credential, the p_token_url parameter must be specified each time for OAuth2 authentication. In most cases, this token URL remains the same for a given credential. It would be great to have the ability to define this directly within the credential itself.

  • carsten.czarski APEX Team OP 7 days ago

    I'm wondering whether we should allow the usage of a Remote Server Static ID instead. Specifying a direct token URL at the Web Credential would have disadvantages for Dev / Test / Prod scenarios, when different token servers are used for Dev versus Prod environments. For that we introduced the Remote Server concept. Having the URL stored directly at the Web Credential level would require an update after apps moved from one env to another …

    What do you think?

  • nicolas pilot OP 7 days ago

    Make sense.

    So we will need to define a Remote Server with the Token URL and reference that in the Web Credential as the “default token server”.

    And when calling apex_web_service.make_rest_request, if a client credential is specified and the token url is empty, the procedure will use the url definied in the “default token server”…