How to Set Up Oracle APEX Social Sign-In on Google Cloud
👋 Hi! I’m Dani, a passionate automation, Ansible, DevOps, and Cloud technologies enthusiast. I currently work as a Middleware Solutions Architect at Atradius, leading middleware automation and optimizing IT infrastructure. 💡 My Story: I started my career specializing in Oracle Middleware, working with technologies such as WebLogic, Oracle Database, Oracle iPlanet Web Server, and Oracle JDK. Over time, my focus shifted towards deployment automation, continuous integration, and process optimization in complex enterprise environments. 🚀 Impact & Achievements: ✅ Direct the automation of Oracle Fusion Middleware (FMW) with Ansible, streamlining the installation, configuration, and patching processes for Oracle WebLogic, SOA Suite, and OSB. ✅ Lead IBM WebSphere Application Server (WAS) automation with Ansible and AWX, including installation, configuration, certificates, and deployments, reducing implementation times by 70%. ✅ Integrated Azure DevOps with AWX, eliminating manual deployment tasks and reducing human intervention to a simple approval step. ✅ Mentor and train teams on Ansible automation, fostering continuous improvement and knowledge transfer. 🏀🥎 In my free time, I enjoy playing padel and basketball, always looking for new challenges and improvements, both in sports and technology. I also love building web applications with Oracle APEX, bringing ideas to life through low-code development. 📥 Let’s connect! 📧 Email: dbenitez.vk@gmail.com 🔗 LinkedIn: https://www.linkedin.com/in/danielbenitezaguila 💻 GitHub: https://github.com/dbeniteza
Oracle APEX (Application Express) is a powerful low-code platform for building modern web apps on Oracle databases. One of its standout features is Social Sign-In, which allows users to authenticate using third-party identity providers like Google, Microsoft, or Facebook.
In this guide, we’ll walk through how to set up Google Sign-In for your Oracle APEX app, hosted on Google Cloud. This integration enhances user experience and security by leveraging OAuth 2.0 and OpenID Connect standards.
🧩 Prerequisites
Before diving in, make sure you have:
An Oracle APEX workspace (hosted on Oracle Cloud or self-managed)
A Google Cloud project with OAuth 2.0 credentials
Admin access to Oracle APEX and Google Cloud Console
🔧 Step 1: Create OAuth 2.0 Credentials in Google Cloud
Create project
Go to the Google Cloud Console and create a new project
Select a name and Location
Navigate to APIs & Services > OAuth consent screen.
Overview
Click Get Started. Complete the App Information section by providing an App Name and your email address.
Select External in the Audience section.
Add an email address to the Contact Information section.
Finally check the User Data Policy.
Branding
Upload an image for the App logo.
Add the Oracle APEX application home URL in the App domain section.
For Authorized domains, add the oraclecloudapps.com domain and you region-based domain, adb.eu-madrid-1.oraclecloudapps.com, in my case.
Create OAuth client
Go to Clients and click on Create client button.
Select Web application as Application type and add your application’s name.
Add the callback URL: https://g8a2744ee0b9907-techpiece.adb.eu-madrid-1.oraclecloudapps.com/ords/apex_authentication.callback
Note your Client ID and Secret ID and don’t share it! You can download the info and store it in a secure place as JSON file.
Data Access
Go to Data Access blade and click on Add or remove scopes. Select email, profile and openid scopes.
🛠 Step 2: Configure APEX Social Sign-In
Credentials
In your APEX app, go to Web Credentials (Workspace Utilities > Web Credentials)
Fill in the details:
Client ID: From Google Cloud
Client Secret: From Google Cloud
Authentication Schemes
Go to Shared Components > Authentication Schemes.
Create a new authentication scheme using Social Sign-In as Scheme Type. Select the credentials created from above
Application Items
Optionally, go to Shared Components > Authentication Schemes and create some Application Items to map attributes like email and name from the scopes.
Add log info
Create a table and a package to store the users that authenticate to your application.
CREATE TABLE D_AUTH_LOG
( D_AUTH_LOG_ID NUMBER GENERATED BY DEFAULT ON NULL AS IDENTITY NOT NULL ENABLE,
LOGIN_MAIL VARCHAR2(200) NOT NULL ENABLE,
APPLICATION_ID NUMBER NOT NULL ENABLE,
USER_IP VARCHAR2(20),
CREATED_ON TIMESTAMP (6) WITH LOCAL TIME ZONE DEFAULT LOCALTIMESTAMP NOT NULL ENABLE,
CREATED_BY VARCHAR2(128 CHAR) DEFAULT COALESCE(SYS_CONTEXT('APEX$SESSION', 'APP_USER'), USER) NOT NULL ENABLE,
PRIMARY KEY (D_AUTH_LOG_ID)
) ;
create or replace package AUTH_PKG as
procedure post_authorisation;
end AUTH_PKG;
create or replace package body AUTH_PKG as
procedure post_authorisation is
l_user_login VARCHAR2(100) := V('APP_USER');
l_application_id NUMBER := V('APP_ID');
l_user_id VARCHAR2(20) := SYS_CONTEXT('USERENV','IP_ADDRESS');
begin
insert into D_AUTH_LOG (LOGIN_MAIL, APPLICATION_ID, USER_IP)
values (l_user_login, l_application_id, l_user_id);
end post_authorisation;
end AUTH_PKG;
Update existing Authentication Scheme (Shared Components > Authentication Schemes) , set Post-Authentication Procedure Name attribute to the package body procedure just created.
Add button
Create a new button in your home page that redirects to a page with the Request APEX_AUTHENTICATION=Google (the Authentication Scheme from previous steps)
