OAM OAuth Services - Security query on base 64 encoded Authorization code
(Doc ID 2356123.1)
Last updated on FEBRUARY 08, 2018
Applies to:Oracle Access Manager - Version 18.104.22.168.5 and later
Information in this document applies to any platform.
OAuth (3-Legged OAuth Authorization) services has been used for client application integration.
Noticing that authorization code is base 64 encoded. Having security concerns because base 64 code can be decoded. Not finding any configurations to change this ?
Does OAM support any configuration changes to address above issue ?
Qn2:Can the authorization code be changed to a different configuration due to their concerns re base 64 encoding?
Qn3:The JWT token can be decoded (from Base64) and contains the principle name (prn=username) as well as an oracle field oracle.oauth.user_origin_id that holds the username.
These aren’t a security risk by themselves but could be in bulk. What controls are available to secure this information ?
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document