How to integrate Google Auth with Oracle APEX using Social Sign-In feature

Oracle APEX has a number of options for letting users sign into the application. It ranges from authentication using Apex Users to Database Users and even custom sign-in options. But all of these come with an overhead of maintaining the user records in a database and naturally managing the security options such as password management, account expiration thresholds and resetting the user credentials.

So what if there's option that eliminates all of this and let's us design our App in such a way that users can login using a known third-party authentication such as Google Auth ? Well, Oracle APEX Social-Sign in features let's us do exactly the same. Let's see how to do it.

Configure Google OAuth Credentials:

- Login to Google Developer Console: https://console.developers.google.com

- Create a new project

- Navigate to OAuth Consent Screen

- Create a app registration and give some name to this app and provide your email address for communication

- Scroll down and navigate to Authorized Domains section

- Enter oraclecloudapps.com as an authorized domain

The reason behind selecting this domain is that when you run your Apex App, you will see  oraclecloudapps.com domain in the App URL Hence we are going to add it to the authorized domain list in Google developer console.

- Now, let's navigate to Credentials section

- Create credentials

- Create OAuth Client Id

Select Application Type as Web Application

Provide a relevant name for use case

Authorized Redirect URLs:

Here, enter your Apex App URL till /ords part and append /apex_authentication.callback after that.

For example if your App URL looks like this https://xyz1234-abcd1234.adb.us-chicago-1.oraclecloudapps.com/ords/appname/home then enter https://xyz1234-abcd1234.adb.us-chicago-1.oraclecloudapps.com/ords/apex_authentication.callback as Redirect URL.

- Click Create

- This will create a new Client Id and Client Secret. Make a note of these values.

- Navigate to the Apex App we want to incorporate with Google Auth

- Navigate to Shared Components

- Navigate to Credentials option under Workspace Objects

- Create a new Web Credential

- Provide a relevant name like Google Auth

- Select Authentication Type as OAuth2 Client Credentials Flow

- Provide Client ID and Client Secret obtained from Google developer console.

- Apply Changes

- Now, navigate to Shared Components

- Navigate to Authentication Schemes under Security section

- Create a new Authentication Scheme

- Enter a relevant name to scheme

- Select Scheme Type as Social Sign-In

- Select our newly created Credential Store 'Google Auth'

- Select Authentication Provider as Google

- Apply Changes

- Make sure the newly created Authentication Scheme is set as active scheme. If not, then click Make Current Scheme button to set it as an active scheme for the App.

- And that's it ! We have finished all the configuration to authenticate our App using Google Auth.

- Let's run the application.

- Voila ! We are presented with the familiar Google Auth screen that will let you login with any of your Google Accounts or will show you the active Google Accounts based on your active browser sessions.

- Once, we select any of our Google accounts (or login using a new one), the authentication will be complete and we will enter our application.

Note:

With all above configurations, we created Google Auth credentials only to enable the Google Auth feature for the Oracle APEX domain.

The Oracle APEX App as well as the Google Developer account do not capture or store other users' login credentials nor share the Google account details used to setup the Credentials Store with anyone else.

This method is safe and low maintenance and it only facilitates the authentication to our App using Google Auth.