Oracle Corporation
Seamless transition between WEB and API resource access

Abstract:

The present disclosure relates generally to access control, and more particularly, to techniques for seamless transition between world wide web (WEB) resource access and application programming interface (API) resource access on an enterprise network with security restrictions. One technique includes receiving a request for access to a first resource, determining the first resource is a WEB resource, creating an authentication cookie and a bearer token that are tied together using a common identifier, and providing access to the WEB resource based on the authentication cookie. The technique may further include receiving a call for access to a second resource, where the call includes the bearer token in a header of the call, determining the second resource is an API resource, initiating a token exchange of the bearer token for an access token; and providing access to the API resource based on the access token.