Why is it Possible to Validate an Oracle Access Manager 11g R2PS3 (OAM 220.127.116.11) Oauth Access Token Using a Client ID that is Different than the Client ID Used to Create the Access Token?
(Doc ID 2466899.1)
Last updated on NOVEMBER 01, 2021
Applies to:Oracle Access Manager - Version 18.104.22.168.0 and later
Information in this document applies to any platform.
Oracle is not responsible for instructions/information from 3rd party sites that may be contained in this KM note.
An access token is generated using the following command:
The access token validates successfully even though the basic authorization string is different from the string used to create the token. In the above note that <ENCRYPTED_PASSWORD_1> corresponds to a client ID of "BusinessClient" whiile <ENCRYPTED_PASSWORD_2> corresponds to a client ID of CustomerClient.
Is it expected that an access token generated by one client ID can be validated using a different client ID?
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document