Oracle Access Manager (OAM) 12c: x5t And x5t#S256 Digests For /oauth2/rest/security Have Trailing Padding Characters
(Doc ID 2931531.1)
Last updated on FEBRUARY 28, 2023
Applies to:Oracle Access Manager - Version 18.104.22.168.0 and later
Information in this document applies to any platform.
The output of REST endpoint /oauth2/rest/security is not compliant with RFC 7515 for "x5t" and "x5t#S256" digests because they have trailing "=" characters.
As per RFC 7515:
=> The "x5t#S256" (X.509 certificate SHA-256 thumbprint) Header Parameter is a base64url-encoded SHA-256 thumbprint (a.k.a. digest) of the DER encoding of the X.509 certificate [RFC5280] corresponding to the key used to digitally sign the JWS.
=> Base64url encoding using the URL- and filename-safe character set defined in Section 5 of RFC 4648 [RFC4648], with all trailing '=' characters OMITTED and without the inclusion of any line breaks, whitespace, or other additional characters.
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document