About Creating an Authentication Scheme from Scratch

Previous
Previous
Next
Next

Creating an authentication scheme from scratch gives you complete control over your authentication interface. This is the best approach for applications when any of the following is true:


See Also:

"HTMLDB_CUSTOM_AUTH" for more information

About Session Management Security

When running custom authentication, Oracle Application Express attempts to prevent two improper situations:

Oracle Application Express checks that the user identity token set by the custom authentication function matches the user identity recorded when the application session was first created. If the user has not yet been authenticated and the user identity is not yet known, the session state being accessed does not belong to someone else. These checks determine whether the session ID in the request can be used. If not, the Application Express engine redirects back the same page using an appropriate session ID.

Building a Login Page

When you create a new application in Oracle Application Express, a login page is created. The alias for the page is 'LOGIN'. You can use this page as the 'invalid session page' in an authentication scheme. The page is constructed with processes that call the Oracle Application Express login API to perform credentials verification and session registration.

You can also build your own login pages using the pre-built pages as models and tailoring all of the user interface and processing logic to your requirements.

To create a login page for your application:

  1. On the Database Home Page, click the Application Builder icon.

  2. Select an application.

  3. Click Create Page.

  4. Select Login Page.

  5. Specify Login page attributes and click Create.

About Deep Linking

Deep linking refers to the ability to link to an Oracle Application Express page out of context (for example, from a hyperlink in an email or workflow notification). When you link to a page out of context and the application requires the user be authenticated, the user will be taken to the login page. After credentials verification, the Application Express engine automatically displays the page that was referenced in the original link. Deep linking is supported for applications that use authentication schemes.