Is there a possibility an attacker can reverse engineer the client ID/secret from the access token? How is the access token derived?
Nathan Aw
Solved! Go to Solution.
AFAIK, the access-token is randomly generated, there is no mathematical relation at all between tokens and client id/secret. The relation is stored is an Apigee DB.
So, there is no way to reverse engineer the client ID/secret unless you access directly to the DB.
Of course, it's an illegal access from outside. If not, then you have an important security breach.
AFAIK, the access-token is randomly generated, there is no mathematical relation at all between tokens and client id/secret. The relation is stored is an Apigee DB.
So, there is no way to reverse engineer the client ID/secret unless you access directly to the DB.
Of course, it's an illegal access from outside. If not, then you have an important security breach.
AFAIK, the access-token is randomly generated, there is no mathematical relation at all between tokens and client id/secret. The relation is stored is an Apigee DB.
Correct.
there is no way to reverse engineer the client ID/secret unless you access directly to the DB.
Correct.
thank you very much.