Why is it Possible to Validate an Oracle Access Manager 11g R2PS3 (OAM 11.1.2.3) Oauth Access Token Using a Client ID that is Different than the Client ID Used to Create the Access Token? (Doc ID 2466899.1)

Last updated on SEPTEMBER 05, 2023

Applies to:

Oracle Access Manager - Version 11.1.2.3.0 and later
Information in this document applies to any platform.
Oracle is not responsible for instructions/information from 3rd party sites that may be contained in this KM note.

Symptoms

An access token is generated using the following command:

The access token validates successfully even though the basic authorization string is different from the string used to create the token. In the above note that <ENCRYPTED_PASSWORD_1> corresponds to a client ID of "BusinessClient" whiile <ENCRYPTED_PASSWORD_2> corresponds to a client ID of CustomerClient.

Is it expected that an access token generated by one client ID can be validated using a different client ID?

Cause

	To view full details, sign in with your My Oracle Support account.
	Don't have a My Oracle Support account? Click to get started!

In this Document

Symptoms

Cause

Solution

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.

Why is it Possible to Validate an Oracle Access Manager 11g R2PS3 (OAM 11.1.2.3) Oauth Access Token Using a Client ID that is Different than the Client ID Used to Create the Access Token? (Doc ID 2466899.1)

Applies to:

Symptoms

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!