Secure "Dynamic" Headers
We came across a sample application by Oracle : https://docs.oracle.com/en/solutions/cons-tasks-mult-apps-uni-list/index.html
The use case is that this app will show BPM tasks from both SaaS and PCS.
For PCS it uses "Cloud Account" as Auth. Expected!!
For SaaS the authentication is bit interesting. It Sets the Auth to "None" and defines a Secure Header called "
Authorization". Furthermore the value for this secure header also looks special.
According to the docs (my interpretation) the
jwtToken sent in by the container in SaaS is used in this Authorization Header.
So now the question is , Is the value "