
Advice on JWT - Restrict certificate for specific user



Hi,

We are implementing JWT authentication for integration with a third-party application.

But while implementing, we found a risk, as mentioned below:

1) Application1 shares their certificate, say CertA, with Oracle, and we uploaded it in Oracle.

Now, using the private key, they can generate a token for any user, let's say userA, which has salary access, userB, which has Absence detail access.

2) Application2 shares their certificate, say CertB, with Oracle; let's say they need userC for payroll access.

We want Application1 to not have access to Payroll details, but the problem is they can generate a token for any user, and so it can be a breach.
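
An added example, not part of the original post and not Oracle's API: one way a token verifier can bind each trusted signing key to the users it may assert, so a validly signed token for a user outside that set is rejected. The issuer names, keys and allowlists are constructed, and an HMAC secret stands in for each certificate's signature so the code runs with the standard library only.

```python
import base64, hashlib, hmac, json

# Constructed trust store: one entry per integrating application. In the
# thread's setup the key would be the uploaded certificate (CertA, CertB);
# an HMAC secret stands in here. "subjects" is the assumed per-key allowlist.
TRUSTED_ISSUERS = {
    "Application1": {"key": b"constructed-key-A", "subjects": {"userA", "userB"}},
    "Application2": {"key": b"constructed-key-B", "subjects": {"userC"}},
}

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def mac(key: bytes, signing_input: str) -> bytes:
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()

def sign_token(issuer: str, subject: str, key: bytes) -> str:
    """Mint a token as an integrating application would (no exp/aud, for brevity)."""
    head = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps({"iss": issuer, "sub": subject}).encode())
    signing_input = f"{head}.{body}"
    return f"{signing_input}.{b64url(mac(key, signing_input))}"

def verify_token(token: str) -> str:
    """Return the subject only if the signature verifies under the issuer's
    key AND that issuer is allowed to assert this subject."""
    try:
        head, body, sig = token.split(".")
        header = json.loads(b64url_decode(head))
        claims = json.loads(b64url_decode(body))
        signature = b64url_decode(sig)
    except ValueError:
        raise PermissionError("malformed token")
    if not (isinstance(header, dict) and isinstance(claims, dict)):
        raise PermissionError("malformed token")
    if header.get("alg") != "HS256":
        raise PermissionError("unexpected algorithm")
    iss, sub = claims.get("iss"), claims.get("sub")
    issuer = TRUSTED_ISSUERS.get(iss) if isinstance(iss, str) else None
    if issuer is None:
        raise PermissionError("unknown issuer")
    if not hmac.compare_digest(signature, mac(issuer["key"], f"{head}.{body}")):
        raise PermissionError("bad signature")
    # Signature validity alone is the gap the post describes; this check closes it.
    if not isinstance(sub, str) or sub not in issuer["subjects"]:
        raise PermissionError("issuer may not assert this subject")
    return sub
```

Expiry and audience checks are left out to keep the focus on the key-to-user binding; a production verifier needs them as well.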
