My Oracle Support Banner

Why is it Possible to Validate an Oracle Access Manager 11g R2PS3 (OAM Oauth Access Token Using a Client ID that is Different than the Client ID Used to Create the Access Token? (Doc ID 2466899.1)

Last updated on NOVEMBER 01, 2021

Applies to:

Oracle Access Manager - Version and later
Information in this document applies to any platform.
Oracle is not responsible for instructions/information from 3rd party sites that may be contained in this KM note.


An access token is generated using the following command:

The access token validates successfully even though the basic authorization string is different from the string used to create the token. In the above note that <ENCRYPTED_PASSWORD_1> corresponds to a client ID of "BusinessClient" whiile <ENCRYPTED_PASSWORD_2> corresponds to a client ID of CustomerClient.

Is it expected that an access token generated by one client ID can be validated using a different client ID?


To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.