Thank you for supporting the Cloud Customer Connect Community in 2024. It's a gift to work with you!

Look back
You're almost there! Please answer a few more questions for access to the Applications content. Complete registration
Interested in joining? Complete your registration by providing Areas of Interest here. Register
Get Started with Redwood for Oracle Cloud HCM   Begin Now
To ensure that questions get required attention from community members and are NOT left unanswered, it’s important for the author to indicate (by selecting “Yes” or “No” when prompted) whether the question was answered. (newly added) Please note that it is also important to respond to EACH comment your question receives. Your Yes or No response ensures an accurate status for your question.

For more information, please refer to this announcement explaining best practices for getting answers to questions.

Advise on JWT - Restrict certificate for specific user

in HCM Integrations 1 comment

Summary:

Hi ,


We are implementing JWT authentication for integration with third party application,

But while implementing we found a risk as mention below --


1) Application1 share their certificate say CertA with Oracle and we uploaded it in Oracle.

Now using private key they can generate a token for any user ,let say userA which as salary access ,userB which has Absence detail access


2) Application2 share their certificate say CertB with Oracle ,let say they need userC for payroll access


We want Application1 should not have access to Payroll details, but problem is they can generate a token for any user and so it can be a breach.

Tagged:

Howdy, Stranger!

Log In

To view full details, sign in.

Register

Don't have an account? Click here to get started!