The 415 clue is key. Adding a few more specifics to help narrow it down faster.
The core issue with Custom Auth in Web Services for Oracle IDCS: The Web Services connector’s Custom Authentication operation needs to be configured precisely for Oracle’s token endpoint. Specifically:
Header:
Content-Type: application/x-www-form-urlencoded
Authorization: Basic <base64(clientId:clientSecret)>
Body must be form-urlencoded key-value pairs, not JSON:
grant_type=client_credentials
scope=<your_oracle_scope>
If the connector is sending the body as raw/JSON with just the Content-Type header changed, Oracle will still reject it with 415 — the actual payload format must match.
Strongly recommend switching to native OAuth 2.0 mode instead: Go to Web Services source → Authentication → OAuth 2.0 → Client Credentials. This handles the form-urlencoded body and Basic auth header automatically and is far less error-prone than Custom Auth.
If OAuth 2.0 mode still fails with “Unable to generate access token”: Check these in order:
-
Scope value — Oracle IDCS scopes are case-sensitive and tenant-specific. Validate the exact scope string in your Oracle IDCS application config.
-
Token URL — Should be
https://<your-idcs-tenant>.identity.oraclecloud.com/oauth2/v1/token -
Client credentials — Confirm Client ID and Secret are from the IDCS Confidential Application, not Oracle HCM directly.
-
Enable debug logging on the connector — the raw Oracle OAuth error (
invalid_scope,invalid_client, etc.) will appear there and pinpoint the exact failure.
We’ve successfully connected Oracle Fusion HCM via this pattern — once the token endpoint, scope, and content-type are aligned, Test Connection passes cleanly.
Thanks,