Oracle Apex - (Authentication|Identity)

About

This page makes part of the security theme and talks authentication implementation in Apex.

Articles Related

Process

Once a user has been identified, the Application Express engine keeps track of each user by setting:

• the value of the variable Oracle Apex - User
• a new session id

See Session state scope to understand why.

Login

Login processing has the following steps:

• Run authentication scheme's pre-authentication procedure.
• Run authentication scheme's authentication function to check the user credentials (p_username, p_password), returning true on success.
• If result=true:
  • run post-authentication procedure.
  • save username in session table.
  • set redirect url to deep link.
• If result=false:
  • set redirect url to current page, with an error message in the notification_msg parameter.
• Log authentication result.
• Redirect.

Procedure

sentry

See IS_SESSION_VALID function

API

Custom Authentication

APEX_CUSTOM_AUTH

You can use the APEX_CUSTOM_AUTH package to perform various operations related to authentication and session management.

• APEX_CUSTOM_AUTH.GET_SESSION_ID
• APEX_CUSTOM_AUTH.GET_SESSION_ID_FROM_COOKIE;

APEX_UTIL

• APEX_UTIL.SET_AUTHENTICATION_RESULT
• APEX_UTIL.GET_AUTHENTICATION_RESULT
• APEX_UTIL.SET_CUSTOM_AUTH_STATUS

The status set using this procedure is visible in the apex_user_access_log view and in the reports on this view available to workspace and site administrators.

CREATE OR REPLACE FUNCTION MY_AUTH(
    p_username IN VARCHAR2, 
    p_password IN VARCHAR2)
RETURN BOOLEAN
IS
BEGIN
    APEX_UTIL.SET_CUSTOM_AUTH_STATUS(p_status=>'User:'||p_username||' is back.');
    IF UPPER(p_username) = 'GOOD' THEN
        APEX_UTIL.SET_AUTHENTICATION_RESULT(24567);
        RETURN TRUE;
    ELSE
        APEX_UTIL.SET_AUTHENTICATION_RESULT(-666);
        RETURN FALSE;
    END IF;
END;

Documentation / Reference

• Establishing User Identity Through Authentication