Where a query interaction succeeds (is authorized) and thus the AuditEvent has an .agent following the OAuth profile, which includes recording of the OAuth token jti, then the inclusion of the HTTP authentication header is not needed and the inclusion of it in the AuditEvent presents a security risk (token reuse).
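An added example, not part of the issue or of the specification it concerns: one way to prepare a query for audit so that the `jti` is kept and the bearer token is not. It assumes the access token is a JWT and that the raw request text is what would be stored; `split_for_audit`, `token_jti` and the sample request are hypothetical names and constructed data.

```python
import base64
import json
import re

def _b64url(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

# Constructed sample: a query as received, carrying a constructed JWT-shaped token.
SAMPLE_TOKEN = ".".join([_b64url({"alg": "RS256"}),
                         _b64url({"jti": "constructed-jti-123", "sub": "dr-example"}),
                         "constructed-signature"])
SAMPLE_REQUEST = (
    "GET /Patient?family=Smith HTTP/1.1\r\n"
    "Host: fhir.example.org\r\n"
    f"Authorization: Bearer {SAMPLE_TOKEN}\r\n"
    "Accept: application/fhir+json\r\n\r\n"
)

# Header names are case-insensitive; Proxy-Authorization also carries credentials.
AUTH_HEADER = re.compile(r"^(proxy-)?authorization\s*:", re.IGNORECASE)

def token_jti(token):
    """Return the jti claim of a JWT, or None for an opaque or malformed token."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    try:
        padded = parts[1] + "=" * (-len(parts[1]) % 4)
        claims = json.loads(base64.urlsafe_b64decode(padded))
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return None
    return claims.get("jti") if isinstance(claims, dict) else None

def split_for_audit(raw_request):
    """Return (request text safe to store, jti or None); the credential is dropped."""
    head, sep, body = raw_request.partition("\r\n\r\n")
    kept, jti = [], None
    for line in head.split("\r\n"):
        if AUTH_HEADER.match(line):
            scheme, _, cred = line.split(":", 1)[1].strip().partition(" ")
            if scheme.lower() == "bearer" and jti is None:
                jti = token_jti(cred.strip())
            continue  # never copy the credential header into the audit record
        kept.append(line)
    return "\r\n".join(kept) + sep + body, jti
```

The returned `jti` is what the audit record keeps as the token reference; when it is `None` (opaque token), the header is still dropped.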
Is there some profile of the OAuth token that can be described that preserves in the audit that which is useful while explicitly excluding the concerning portions? We need a subject matter expert to define this profile of the OAuth token for this use case.