We are trying to call Oracle Access Governance (AG) REST APIs using OAuth 2.0 client credentials.
Current situation:
- We can successfully generate an OAuth access token
- But AG API calls return 401 Unauthorized
- The token does not seem to include any Access Governance scope
What we’ve done so far:
- Created a confidential OAuth application
- Enabled client credentials grant
- Added Access Governance as a resource
- Set authorized resources to “All”
- Assigned AG-related application roles
Issue:
Even with this setup, the token only contains default identity scopes and not Access Governance-specific access.
Questions:
1. Does the OAuth application also need to be assigned roles directly within the Access Governance service?
2. If so, where should that be done (Identity Domain vs AG instance)?
3. Is there anything else required for AG APIs to work with client credentials?
Goal:
We want the token to include the correct Access Governance access so the API calls succeed.
Any help would be appreciated.