When a backend or service connection is configured with the "Oracle Cloud Account" authentication type, VB Studio tries to locate a resource application within its Identity Domain. This authentication type is equivalent to "OAuth 2.0 User Assertion" with a well known scope.

VB Studio tries to find a resource application in this way:

1. VB Studio first looks for an Oracle resource with either the primary audience or secondary audience equal to the base URL of the backend/service connection.

   If it finds a resource, it then checks if the resource has either the / or urn:opc:resource:consumer::all scope.

   If it can't find a resource or if the resource it finds does not have one of these scopes, then the search proceeds to the next step.

2. VB Studio then tries to locate a manually-created resource with the primary audience equal to the base URL of the backend/service connection.

   If it finds such a resource, it again checks if the resource has either the / or urn:opc:resource:consumer::all scope. If neither of these scopes is present the search is stopped here. VB Studio assumes there should only be one resource with primary audience or secondary audience equal to the base URL.

   If it can't find a primary audience resource, then the search proceeds to the next step.

3. VB Studio then looks for a manually-created resource with the secondary audience equal to the base URL. If such a resource is found, it again checks for the / or urn:opc:resource:consumer::all scope.

   If neither of these scopes is present, the search is stopped here.

If the scope is not resolved at all, you might see an "invalid_scope" error, like this:

"type": "abcs://proxy_problem/oauth/auth_token_error",
"title": "OAuth token resource returned an error",
"detail": "Invalid scope.",
"status": 400,
"o:vbcs-token-response": {
    "error": "invalid_scope",
    "error_description": "Invalid scope.",
    "ecid": "9u1We1s7N00000000"
}