My Oracle Support Banner

OAUTH2 Client Credentials Creates An Unnecessary Refresh Token (Doc ID 2732778.1)

Last updated on NOVEMBER 30, 2020

Applies to:

Oracle REST Data Services - Version 18.3 and later
Information in this document applies to any platform.

Symptoms

ACTUAL BEHAVIOR
------------------------------
OAUTH2 client credentials creates an unnecessary refresh token

Creating an OAUTH2 client of type CLIENT_CRED and then requesting a token for that client should only result in one entry in ORDS_METADATA.SEC_SESSIONS, however in addition to the expected THIRD_PARTY token, there is also a REFRESH token generated even though client credentials OAUTH2 does not support refresh tokens.

 

STEPS
-----------------------
The issue can be reproduced with the following steps:

 

Changes

 no changes

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Symptoms
Changes
Cause
Solution
References


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.