Oracle Apex - (Authentication|Identity)

About

This page makes part of the security theme and talks authentication implementation in Apex.

Articles Related

Process

Once a user has been identified, the Application Express engine keeps track of each user by setting:

the value of the variable Oracle Apex - User
a new session id

See Session state scope to understand why.

Login processing has the following steps:

Run authentication scheme's pre-authentication procedure.
Run authentication scheme's authentication function to check the user credentials (p_username, p_password), returning true on success.
If result=true:
- run post-authentication procedure.
- save username in session table.
- set redirect url to deep link.
If result=false:
- set redirect url to current page, with an error message in the notification_msg parameter.
Log authentication result.
Redirect.

Procedure

sentry

See IS_SESSION_VALID function

API

Custom Authentication

APEX_CUSTOM_AUTH

You can use the APEX_CUSTOM_AUTH package to perform various operations related to authentication and session management.

APEX_CUSTOM_AUTH.GET_SESSION_ID
APEX_CUSTOM_AUTH.GET_SESSION_ID_FROM_COOKIE;

APEX_UTIL

The status set using this procedure is visible in the apex_user_access_log view and in the reports on this view available to workspace and site administrators.

CREATE OR REPLACE FUNCTION MY_AUTH(
    p_username IN VARCHAR2, 
    p_password IN VARCHAR2)
RETURN BOOLEAN
IS
BEGIN
    APEX_UTIL.SET_CUSTOM_AUTH_STATUS(p_status=>'User:'||p_username||' is back.');
    IF UPPER(p_username) = 'GOOD' THEN
        APEX_UTIL.SET_AUTHENTICATION_RESULT(24567);
        RETURN TRUE;
    ELSE
        APEX_UTIL.SET_AUTHENTICATION_RESULT(-666);
        RETURN FALSE;
    END IF;
END;

Documentation / Reference

Establishing User Identity Through Authentication