Hi Oracle Team and Community,
I’ve created a FHIR System-Level App using the Oracle Health Code Console. The app has been successfully registered, and I’ve received a Client ID, but I didn’t get a Client Secret.
Now I’m trying to call the token endpoint to retrieve an access token, but I’m running into a roadblock:
- The documentation suggests using either the client_credentials grant type or a signed JWT to obtain the token.
- However, I did not find any place during client registration to provide a JWK URL or upload a public key that Oracle can use to verify my signed JWT.
- Without a client secret or a registered public key, I’m unsure how to proceed with authentication and call the FHIR endpoints.
Can someone please clarify:
- How do I authenticate a system-level app in this setup?
- If signed JWT is the only way, where/how do I register my public key (JWK or X.509)?
- Is client credentials grant supported without a secret?
- Are there sample configurations or Postman examples for this flow?
Any help or references to relevant documentation would be greatly appreciated.
Thanks in advance!
Shehraz Khan