Can we decode the OAuthToken to identify the clientId

Dileepkaranki · December 3, 2024, 6:08pm

Can we decode the OAuthToken to identify the clientId?

Jerome.Saint-Marc · December 4, 2024, 6:41am

Hello,

No, the token is a random string. It does not contain information about the ClientId or else.

If your token is still valid/active, you can use: GET /api/v2/tokens/me to retrieve information about the OAuthClient and the organization.

Regards,

Dileepkaranki · December 4, 2024, 3:32pm

Thank you @Jerome.Saint-Marc
This is the solution we implemented yesterday.

Dileepkaranki · December 4, 2024, 4:08pm

@Jerome.Saint-Marc
Are you saving the token data like clientid,token hash, createddate,expiry date, idle time in the database. I was asking this because support team can provide this information if we send the token.

tim.smith · December 4, 2024, 4:09pm

Please remember that sharing auth tokens is a very insecure practice; it's no different than sending someone your password. This is something you should never do.

Dileepkaranki · December 4, 2024, 4:19pm

Ya got you tim.
Thank you

system · January 4, 2025, 4:19pm

This topic was automatically closed 31 days after the last reply. New replies are no longer allowed.