You're almost there! Please answer a few more questions for access to the Applications content. Complete registration
Interested in joining? Complete your registration by providing Areas of Interest here. Register

SIM-Based OAuth - Why is client credential required when supplying client assertion?

Question
38
Views
0
Comments
edited Jun 25, 2018 1:13PM in Identity

Summary

When doing SIM-Based OAuth with an Untrusted Client - Why is basic auth client credential required when supplying a client assertion token?

Content

Can anyone explain why the various documentation examples regarding using a client assertion token with explicit user credentials all require the additional basic authorization header associated with the client (id:secret).  Isn't the very purpose of the client assertion token to alleviate the need to supply such a basic authorization header?

See these doc examples

https://docs.oracle.com/en/cloud/paas/paas-saas-cloud/ocpsi/securing-oracle-cloud-paas-saas-applications-using-oauth1.html#GUID-8D7FF1FB-EF76-495A-9993-A3BB6EA82D4D

Howdy, Stranger!

Log In

To view full details, sign in.

Register

Don't have an account? Click here to get started!