One of our customers has come up with the below questions:
a. What is the business intention of having Consent in the OAuth 3-legged flow of OAM?
b. Can you please specify a use case/scenario when an application would use this?
c. Can you please specify a use case/scenario where a user can see the consent?
d. As per the below documentation, OAuth Consent can be revoked only by an End User or an administrator. Can you please specify a client use case or real-world scenario where this REST API can be leveraged?
https://docs.oracle.com/en/middleware/idm/access-manager/12.2.1.4/oroau/op-oauth2-rest-consent-delete.html
https://docs.oracle.com/en/middleware/idm/access-manager/12.2.1.4/oroau/op-oam-services-rest-consent-delete.html
e. As per Doc ID 2998499.1, OAuth Consent Management needs to be enabled for the 3-legged workflow by setting the system property "-DconsentExpiryTimeInMinutes=10". The query is: why is "consentExpiryTimeInMinutes" needed for auto-revoke of a used refresh token?
f. What is the intention of Consent in OAM?
We have shared all available documentation and RFC details. Still, the customer is not satisfied with the provided details.
Can someone assist me in resolving the queries mentioned above?
Regards,
Yathish H S