Advise on JWT - Restrict certificate for specific user
Summary:
Hi,
We are implementing JWT authentication for integration with a third-party application, but while implementing it we found a risk, as mentioned below:
1) Application1 shares their certificate, say CertA, with Oracle, and we uploaded it in Oracle.
Now, using the private key, they can generate a token for any user, let's say userA, which has salary access, or userB, which has Absence detail access.
2) Application2 shares their certificate, say CertB, with Oracle; let's say they need userC for payroll access.
We want Application1 to not have access to Payroll details, but the problem is that they can generate a token for any user, so it can be a breach.
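The restriction the question asks for, written out as an added example that is not part of the original post and is not Oracle's API or configuration: a token verifier that binds each trusted signing key to the only users it may assert. The `TRUSTED_ISSUERS` table, the `iss`/`sub` claim layout, the function names and the keys are assumptions, and HMAC-SHA256 secrets stand in for the CertA/CertB certificates so the code runs with the standard library alone.

```python
import base64, hashlib, hmac, json

# Constructed trust store: one entry per uploaded key, listing the only users
# that key may assert. The secrets are stand-ins for CertA and CertB.
TRUSTED_ISSUERS = {
    "Application1": {"key": b"constructed-secret-A", "subjects": {"userA", "userB"}},
    "Application2": {"key": b"constructed-secret-B", "subjects": {"userC"}},
}

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(key: bytes, signing_input: str) -> bytes:
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()

def issue_token(issuer: str, key: bytes, subject: str) -> str:
    """Client side: the key holder can put any subject it likes in the token."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps({"iss": issuer, "sub": subject}).encode())
    return f"{header}.{payload}.{_b64url(_sign(key, header + '.' + payload))}"

def verify_token(token: str) -> str:
    """Server side: return the subject only if the signature is valid AND the
    signing issuer is allowed to assert that subject."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(_unb64url(header_b64))
        claims = json.loads(_unb64url(payload_b64))
        sig = _unb64url(sig_b64)
    except ValueError:  # wrong part count, bad base64, bad JSON
        raise PermissionError("malformed token")
    if not isinstance(header, dict) or not isinstance(claims, dict):
        raise PermissionError("malformed token")
    if header.get("alg") != "HS256":  # pin the algorithm server-side
        raise PermissionError("unexpected algorithm")
    iss, sub = claims.get("iss"), claims.get("sub")
    entry = TRUSTED_ISSUERS.get(iss) if isinstance(iss, str) else None
    if entry is None:
        raise PermissionError("unknown issuer")
    if not hmac.compare_digest(sig, _sign(entry["key"], header_b64 + "." + payload_b64)):
        raise PermissionError("bad signature")
    if not isinstance(sub, str) or sub not in entry["subjects"]:
        raise PermissionError("issuer may not assert this subject")
    return sub
```

Expiry, audience and replay checks are left out to keep the focus on the key-to-user binding; a validly signed Application1 token naming userC is rejected at the last check.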