We are planning to implement OAuth2 authentication for our APEX application and followed the document below to configure OAuth using the Client Credentials grant type (2-legged OAuth). Please find below the overall steps we followed and the challenges with this approach.
Could you please route this request to the right people who can suggest best practices?
https://docs.oracle.com/en/cloud/saas/applications-common/26a/farca/configure_oauth.html
Steps:
1. Created a confidential application with the Oracle Fusion environment as the resource
2. Copied the Client ID and Client Secret
3. Created a Fusion user with the Client ID as the user name
4. Created a web credential in Oracle APEX with authentication type 'OAUTH2 Client Credentials'
5. Used the web credential's static ID in APEX_WEB_SERVICE
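As an added example (not code from the post or from Oracle's documentation), this is what step 5 looks like in PL/SQL: APEX obtains the client-credentials token from the token URL stored in the web credential and attaches it to the REST call. The credential static ID FUSION_OAUTH2 and the Fusion URL are placeholders.

```plsql
-- Added example: call a Fusion REST endpoint from APEX using the
-- 'OAUTH2 Client Credentials' web credential created in step 4.
-- Placeholders (assumptions, not from the original post):
--   FUSION_OAUTH2            static ID of the APEX web credential
--   https://<fusion-host>/.. REST resource path of your Fusion pod
declare
  c_url      constant varchar2(400) :=
    'https://<fusion-host>/<rest-resource-path>';
  l_response clob;
begin
  -- Ask for and send JSON; p_reset clears any headers left from earlier calls.
  apex_web_service.set_request_headers(
      p_name_01  => 'Content-Type',
      p_value_01 => 'application/json',
      p_name_02  => 'Accept',
      p_value_02 => 'application/json',
      p_reset    => true );

  -- APEX requests the access token with the Client ID / Client Secret from
  -- the credential and caches it; no user name or password is passed here.
  -- The token's subject is the Fusion user whose name equals the Client ID
  -- (step 3), which is why CREATED_BY / LAST_UPDATED_BY show the Client ID.
  l_response := apex_web_service.make_rest_request(
      p_url                  => c_url,
      p_http_method          => 'GET',
      p_credential_static_id => 'FUSION_OAUTH2' );

  -- Check the HTTP status of the data call. A 401 at this point normally
  -- means the token request itself failed (wrong secret, scope or token URL).
  if apex_web_service.g_status_code <> 200 then
    raise_application_error(-20001,
      'Fusion call failed, HTTP ' || apex_web_service.g_status_code
      || ': ' || substr(l_response, 1, 2000));
  end if;

  dbms_output.put_line(substr(l_response, 1, 1000));
end;
/
```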
Challenges:
1. Since we need to create a Client ID and a Fusion user name, all transactions created in Fusion through REST and SOAP API calls with OAuth authentication have the Client ID as CREATED_BY and LAST_UPDATED_BY. Because these values are populated from the Client ID, business users cannot tell which external application created them. Instead of the Client ID, we are looking for a solution that populates a user-readable name. (Note: we do not want to use Basic Authentication.)