We have a Java (Spring Boot) application running on OCI that needs to invoke BO APIs. The customer has a firewall so that only authenticated users in a specific IDCS group can access the URL. This means that I can't do authentication inside VB, such as its HTTP Basic or the VB OAuth token URL.
So, I did some googling and created a confidential application, and I can now authenticate with IDCS and hit the URL! The problem I have is that GET API calls (all I've tested) are always returning empty sets. I believe this is because the confidential application credentials are not mapped to an IDCS group, which means it has no VB role.
When role based security is not enabled for a BO, it says anyone with access to the URL will be able to access objects. But that doesn't seem to be the case. I have to enable role based security and enable anonymous access.
Is there any documentation on how an external daemon can authenticate via IDCS and be a member of an IDCS group?
PS. I have seen some instructions that say to create an IDCS role and assign that role to the app, then configure a group so that anyone with that IDCS role is in the group. However, those were written for the IDCS console and I can't find equivalents for those with IAM Domains.