漏洞
Oauth token request using the 'client_credentials' grant_type returns an invalid access token for an Enterprise federated environment
| 漏洞 ID 编号 | BUG-000131282 |
|---|---|
| 已提交 | June 1, 2020 |
| 上次修改时间 | June 5, 2024 |
| 适用范围 | Portal for ArcGIS |
| 找到的版本 | 10.7.1 |
| 操作系统 | Windows OS |
| 操作系统版本 | 10.0 |
| 状态 | Will Not Be Addressed |
附加信息
This is expected behavior. An Oauth token generated with the 'client_credentials' grant_type is considered an 'App Login' and is used to gain access to premium content and services in ArcGIS Online. https://developers.arcgis.com/documentation/core-concepts/security-and-authentication/accessing-arcgis-online-services/ It is not intended to be used to gain access to secured services in Portal for ArcGIS or a federated server. The limitations of this type of Oauth token are documented here: https://developers.arcgis.com/documentation/core-concepts/security-and-authentication/limitations-of-application-authentication/重现步骤
漏洞 ID: BUG-000131282
软件:
- Portal for ArcGIS
当漏洞状态发生变化时获得通知
发现关于本主题的更多内容
搜索相关信息
查找与此主题相关的培训
探索想法并提供反馈
获取来自 ArcGIS 专家的帮助
下载 Esri 支持应用程序