We are delighted to share our new EIC Delivery Methodology for efficiently managing Saviynt Implementations and delivering quick time to value. CLICK HERE.

OAuth Tokens - Digitally Signed?

RV
Regular Contributor
Regular Contributor

Are the tokens issued by Saviynt (refresh_token) when calling {{url}}/ECM/api/login service is digitally signed?

2 REPLIES 2

rushikeshvartak
All-Star
All-Star

Yes, Saviynt uses digital signatures to secure its refresh tokens. The digital signature provides authentication and integrity protection for the refresh token, ensuring that it cannot be modified or tampered with in transit. This helps to prevent unauthorized access to the token and the sensitive information it contains.


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

RV
Regular Contributor
Regular Contributor

1.  What alg does saviynt uses in signing these tokens?

2. Does Saviynt support any other authentication (client based cert or JWT) instead of standard username/password when calling /ECM/api/login?