This section discusses each method in detail and provides examples.
In this authentication method, you create a configuration file and store it on the local disk. The configuration file contains details such as the user OCID, tenancy OCID, region, private key path, and fingerprint. This authentication method creates a permanent configuration file on your machine. It should be used if you are working from a secure network and are comfortable storing private keys and configuration locally.
The following section shows examples of API key-based authentication.
You can use the following CLI commands to set up API key-based authentication:
"oci setup bootstrap": This command helps to set up a configuration file. You can login via a browser and your configuration file is automatically created and uploaded to the console. For more details, seeoci setup bootstrap
"oci setup config": This command helps to set up a configuration file from a command line session without browser support via an interactive CLI command which prompts you for information (including a user OCID, a tenancy OCID, and region name) and create a private key. Once the file is created, you need to upload your public key to the console. For more information, seeoci setup config
For an example of Python usage, seethis example on Github.
For a simple example of Java usage, seethis example on Github.
For an example of using a configuration file with the Java SDK, seethis example on Github.
For an example of .NET usage, seethis example on Github.
TheSet-OCIClientConfig cmdlet in the Common module provides a guided walk-through for setting up a configuration file. See thePowerShell Docs Configuration File section for more information.
For an example of Ruby usage, seethis example on Github.
For an example of TypeScript usage, seethis example on Github.
For an example of Go usage, be sure to read theREADME file, and then seethis example on Github.
Using session-token-based authentication, you create a local configuration file that contains information including the user OCID, tenancy OCID, region, private key path and a temporary session token file path. This method uses this information along with the temporary session token, which expires in an hour (by default). Session token-based authentication can be used when you need quick, temporary authentication.
The following section shows examples of session token-based authentication.
You can use the following CLI command to set up session token-based authentication:
"oci session authenticate":This command sets a temporary session token. Sign in via a browser, and a session configuration file is automatically created that you can use to authenticate until the session expires (by default, expiration is in 60 minutes). After the session expires, you need to refresh the session token. For more information, seeoci session authenticate.
For an example of Python usage, seeRunning Scripts on a Computer without a Browser.
For an example of Java usage, seethis example on Github.
For an example of .NET usage, seethis example on Github.
Not supported.
Not supported.
For an example of TypeScript usage, seethis example on Github.
For an example of Go usage, seethis example on Github.
Using instance principal authentication, you can authorize an instance to make API calls on Oracle Cloud Infrastructure services. After you set up the required resources and policies, an application running on an instance can call Oracle Cloud Infrastructure public services, removing the need to configure user credentials or a configuration file. For more details, seeinstance principal.
Instance principal authentication can be used from an instance or VM where you don't want to store a configuration file.
The following section shows examples of instance principal authentication.
You can use the following CLI command to set up instance principal-based authentication:
"oci setup instance-principal" : This command helps you to set up instance principal authentication on an existing instance from a machine where you already have OCI CLI authentication configured. For example, you can run this command from Cloud Shell (which is authenticated using a delegation token) to set up instance principal on an instance. For more information, seeoci setup instance-principal.
To setup instance principal dynamic groups and policies manually, seeCalling Services from Instances.
For an example of Python usage, seethis example on Github.
For an example of Java usage, seethis example on Github.
For an example of .NET usage, seethis example on Github.
SeePowerShell Modules for OCI documentation for more information.
For an example of Ruby usage, seethis example on Github.
For an example of TypeScript usage, seethis example on Github.
For an example of how you can create and configure instance principal authentication using the Go SDK, seethis example on Github.
For an example that uses instance principal authentication, seethis example on Github.
Resource principal authentication is very similar to instance principal authentication, but is intended to be used for resources that are not instances, such as server-less functions.
The following section shows examples of resource principal authentication.
For CLI examples, visitAccessing OCI Resources with Functions.
For an example of Python usage, seethis example on Github.
For an example of Java usage, seethis example on Github.
For an example of .NET usage, seethis example on GitHub.
Example not available.
For an example of Ruby usage using RPv1.1, seethis example on Github.
For an example of Ruby usage using RPv2.2, seethis example on Github.
For an example of TypeScript usage, seethis example on Github.
For an example of Go usage, seethis example on Github.