MIGRATING WEB CREDENTIALS

Social Sign-on is one of the transformative features of Oracle APEX, especially for public-facing web applications. It allows users to log on to applications securely through their Facebook or Google accounts. However, if you want to move your application to a new Autonomous Database (ADB), there are a number of steps to follow owing to the fact - and it's a good fact - that web credential secrets are never exported when you run the APEX export utility.

The first thing you need is the client id / secret that you used when you created the credential in the original workspace. If you no longer have those details, then your only option will be to create new OAuth2 client credentials in Facebook / Google and configure these in the target workspace using the APEX UI.

After importing your APEX application into the target ADB workspace, the web credential objects will be present - but not the client id / secret. The first step, therefore, is to configure the web credential in the target workspace.

Here's an example for setting the credentials for Facebook in a workspace called “EXAMPLE”:

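BEGIN
    -- Select the target workspace; required when running outside an APEX session
    apex_util.set_workspace(p_workspace => 'EXAMPLE');
    -- Store the client id / secret against the imported credential's static id
    apex_credential.set_persistent_credentials(
        p_credential_static_id => 'Facebook',
        p_client_id            => '304744532372921',
        p_client_secret        => 'e079ef763fa6f3858063792b288000b1');
END;
/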

That, of course, is not enough to get the application working, since the URL of your migrated application will not have been included in your original Facebook whitelist. If you now try to authenticate with Facebook in your migrated APEX application you will get an error like:

URL blocked - This redirect failed because the redirect URI is not white-listed in the app's client OAuth settings. Make sure that the client and web OAuth logins are on and add all your app domains as valid OAuth redirect URIs.

In the case of Google, the error is more obscure - you would have to click on the “Developer” button in the popup and discover that the error is “mismatched-uri”. 

To resolve this for Facebook, log on to your Facebook developer account and add the redirect URI for the migrated APEX application to your Facebook Login settings under the section “Valid OAuth Redirect URIs”. For Google, look for an OAuth2 client credential entry in console.cloud.google.com for the project in your account - if you don't find one, as I found to my surprise - even though Google Social Sign-on continues to work just fine in the original ADB - then you will have to create a new one and use the new client id / secret in the call to apex_credential.set_persistent_credentials.
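Since the secret has to be re-entered by hand in the target workspace, the call to apex_credential.set_persistent_credentials can be scripted so that the secret is prompted for rather than written into a file. The following is an added example, not code from the original post. It assumes SQL*Plus or SQLcl and the APEX_WORKSPACE_CREDENTIALS dictionary view with its WORKSPACE and STATIC_ID columns; the substitution variable names are hypothetical.

```sql
-- Added example. Run in SQL*Plus or SQLcl, connected as the parsing schema
-- of the target workspace ('EXAMPLE' and 'Facebook' are the page's names).

-- Do not echo the old/new substituted lines, which would display the secret
SET VERIFY OFF
SET SERVEROUTPUT ON

-- HIDE suppresses the typed secret on the terminal
ACCEPT fb_client_id     CHAR PROMPT 'Facebook client id: '
ACCEPT fb_client_secret CHAR PROMPT 'Facebook client secret: ' HIDE

DECLARE
    l_workspace CONSTANT VARCHAR2(255) := 'EXAMPLE';
    l_static_id CONSTANT VARCHAR2(255) := 'Facebook';
    l_found     PLS_INTEGER;
BEGIN
    apex_util.set_workspace(p_workspace => l_workspace);

    -- The application import creates the credential object without its
    -- secret. Fail early if the object is missing, e.g. wrong workspace.
    -- (View and column names are an assumption, see the lead-in.)
    SELECT COUNT(*)
      INTO l_found
      FROM apex_workspace_credentials
     WHERE workspace = l_workspace
       AND static_id = l_static_id;

    IF l_found = 0 THEN
        raise_application_error(-20001,
            'Web credential ' || l_static_id || ' not found in workspace ' || l_workspace);
    END IF;

    -- q-quoting keeps a quote character in the secret from breaking the call
    apex_credential.set_persistent_credentials(
        p_credential_static_id => l_static_id,
        p_client_id            => q'[&fb_client_id]',
        p_client_secret        => q'[&fb_client_secret]');

    COMMIT;
    dbms_output.put_line('Credential ' || l_static_id || ' updated.');
END;
/

-- Clear the values from the client session
UNDEFINE fb_client_id
UNDEFINE fb_client_secret
```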