Skip to Main Content

Developer Community


For appeals, questions and feedback, please email

How to get OAuth 2.0 access token

Anand JagtapMar 14 2024 — edited Mar 15 2024


Can anyone please help me in below situation.

I've 3 servers,

On server1, ( with Apex 23.2, and DB version 19.0 ). On this server I've created multiple Rest services. And all are protected. I've a client id and client secret.

On server2, ( with Apex 19.1 and DB version 19.0 ). I'm calling these APIs created on server1. Getting access token using APEX_WEB_SERVICE.OAUTH_AUTHENTICATE and APEX_WEB_SERVICE.OAUTH_GET_LAST_TOKEN. And then calling APEX_WEB_SERVICE.MAKE_REST_REQUEST. And able to send the data successfully.

On server3, ( ORDS not installed, Apex not installed, DB version 11.2 ).

If I'm not wrong, ORDS or APEX is required while creating a rest service. But not required when calling to a rest service right?.

Now, I'm trying to call these Rest APIs, But receiving error as PLS-00302: component 'OAUTH_AUTHENTICATE' must be declared, PLS-00302: component 'OAUTH_GET_LAST_TOKEN' must be declared. However when I do the APEX_WEB_SERVICE.MAKE_REST_REQUEST I receive error "Authentication Required".

Here what I did else,

v_url             VARCHAR2(2000) := '<API url till workspace name>/oauth/token';
v_client_id       VARCHAR2(100) := <client id>;
v_client_secret   VARCHAR2(100) := <client secret>;
v_grant_type      VARCHAR2(100) := 'client_credentials';
v_access_token    VARCHAR2(1000);
v_response        CLOB;
-- Construct the request payload
v_response := apex_web_service.make_rest_request(
p_url         => v_url,
p_http_method => 'POST',
p_parm_name   => apex_util.string_to_table('grant_type:client_id:client_secret'),
p_parm_value  => apex_util.string_to_table(v_grant_type || ':' || v_client_id || ':' || v_client_secret)
-- Parse the response to extract the access token
SELECT json_value(v_response, '$.access_token')
INTO v_access_token
FROM dual;
DBMS_OUTPUT.put_line('Access Token: ' || v_access_token);

Above code gives me an http error code which identifies 401-Access to this resource is protected. Please sign in to access this resource.

l_token_url      VARCHAR2(2000) := '<API url till workspace name>/oauth/token';
l_client_id      VARCHAR2(100) := <client id>;
l_client_secret  VARCHAR2(100) := <client secret>;
l_response_clob  CLOB;
l_access_token   VARCHAR2(4000);
l_http_request   UTL_HTTP.REQ;
l_http_response  UTL_HTTP.RESP;
l_url            VARCHAR2(4000);
l_body           VARCHAR2(4000);
-- Construct the OAuth request body
l_body := 'grant_type=client_credentials' ||
'&client_id=' || l_client_id ||
'&client_secret=' || l_client_secret;
-- Prepare the request
l_url := l_token_url;
l_http_request := UTL_HTTP.BEGIN_REQUEST(l_url, 'POST', 'HTTP/1.1');
-- Set the headers
UTL_HTTP.SET_HEADER(l_http_request, 'Content-Type', 'application/x-www-form-urlencoded');
UTL_HTTP.SET_HEADER(l_http_request, 'Content-Length', LENGTH(l_body));
UTL_HTTP.SET_HEADER(l_http_request, 'User-Agent', 'Mozilla/4.0');
-- Set the authorization header
UTL_HTTP.SET_HEADER(l_http_request, 'Authorization', 'Bearer ' || l_access_token);
-- Send the request
UTL_HTTP.WRITE_TEXT(l_http_request, l_body);
l_http_response := UTL_HTTP.GET_RESPONSE(l_http_request);
-- Read the response
UTL_HTTP.READ_TEXT(l_http_response, l_response_clob);
-- Extract the access token from the response (if needed)
-- Close the HTTP response and request
-- Output the response for testing
DBMS_OUTPUT.PUT_LINE('Response: ' || l_response_clob);

This one gives me error ORA-29273: HTTP request failed ORA-24247: network access denied by access control list (ACL)

Post Details
Added on Mar 14 2024