OAM 12.2.1.4 OAuth - questions on Authorization code 3-legged flow

One of our customers came up with the questions below:

a. What is the business intention of having Consent in OAuth 3-legged flow of OAM?
b. Can you please specify a use case/scenario when an application would use this?
c. Can you please specify a use case/scenario where a user can see the consent?
d. As per the documentation below, OAuth Consent can be revoked only by an End User or an administrator. Can you please specify a client use case or real-world scenario where this REST API can be leveraged?
https://docs.oracle.com/en/middleware/idm/access-manager/12.2.1.4/oroau/op-oauth2-rest-consent-delete.html
https://docs.oracle.com/en/middleware/idm/access-manager/12.2.1.4/oroau/op-oam-services-rest-consent-delete.html

e. As per Doc ID 2998499.1, OAuth Consent Management needs to be enabled for the 3-legged workflow by setting the system property: "-DconsentExpiryTimeInMinutes=10". The query is: why is "consentExpiryTimeInMinutes" needed for auto revoke of a used refresh token?

f. What is the intention of Consent in OAM?

We have shared all available documentation and RFC details. Still, the customer is not satisfied with the provided details.

Can someone assist me in resolving the queries mentioned above?

Regards,
Yathish H S

Added on Dec 5 2024