CMiC API and OAuth 2.0 Integration - Security Considerations and Error Handling for App Registration in Azure
Security Considerations
- Secure Token Storage: Ensure that JWT tokens are securely stored, preferably in an encrypted cache or database. Avoid storing tokens in client-side storage or unencrypted.
- Token Revocation: If a token needs to be revoked (e.g., if a user logs out), ensure that it is handled either through an OAuth2 mechanism or by ensuring the token is not cached longer than necessary.
- Key Rotation: Regularly rotate the signing keys used to generate JWT tokens. Update the JWKS URI if the key changes.
Error Handling and Troubleshooting
If the token is invalid or expired, CMiC will reject the request with an appropriate error message. Common issues include:
- Invalid Token: The token's signature cannot be verified.
- Expired Token: The token's expiration time has passed.
- Invalid Claims: Missing or mismatched claims, such as sub or aud.
Enterprise customers can check the CMiC logs for error messages by contacting CMiC Support. If necessary, debugging logs can be enabled to get detailed information about the validation process.
Cloud customers, please contact CMiC support for further information.
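The following is an added example, not CMiC's or Azure's code, showing how a resource server validates a bearer JWT against a JWKS document and sorts failures into the three categories listed above, and how a key rotation (an old kid disappearing from the JWKS) shows up as an invalid-token error. To keep it runnable offline it uses symmetric "oct" JWKs with HS256 (a valid JWK type, but a stand-in: a JWKS published by an identity provider such as Azure carries RSA public keys, and only the signature step differs). The issuer, audience, key ids and secrets are constructed placeholders.

```python
"""Added example (not CMiC's or Azure's code): validate an OAuth 2.0 bearer JWT
against a JWKS document and report the failure class a log line would record."""
import base64
import hashlib
import hmac
import json
import time

EXPECTED_ISSUER = "https://issuer.example"     # assumption: placeholder issuer
EXPECTED_AUDIENCE = "api://cmic-example"       # assumption: placeholder Application ID URI


class TokenError(Exception):
    """Carries one of the page's categories: invalid_token, expired_token, invalid_claims."""
    def __init__(self, category, detail):
        super().__init__(f"{category}: {detail}")
        self.category = category


def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_jwks(keys):
    """Build a JWKS of symmetric 'oct' keys (RFC 7518 6.4) indexed by kid.
    Constructed stand-in: a real provider JWKS holds RSA keys; kid lookup is the same."""
    return {"keys": [{"kty": "oct", "kid": kid, "alg": "HS256", "k": b64url_encode(secret)}
                     for kid, secret in keys.items()]}


def sign_hs256(claims, kid, secret):
    """Mint a test token (constructed; in production the identity provider does this)."""
    header = {"alg": "HS256", "typ": "JWT", "kid": kid}
    signing_input = (b64url_encode(json.dumps(header, separators=(",", ":")).encode()) + "."
                     + b64url_encode(json.dumps(claims, separators=(",", ":")).encode()))
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)


def validate_token(token, jwks, now=None, leeway=60):
    """Check signature (via kid lookup), then exp/nbf, then iss/aud/sub; return the claims."""
    now = time.time() if now is None else now
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        claims = json.loads(b64url_decode(payload_b64))
        signature = b64url_decode(sig_b64)
    except ValueError:  # wrong part count, bad base64, bad JSON
        raise TokenError("invalid_token", "token is not a well-formed JWS")

    if header.get("alg") != "HS256":  # never let the token's own alg pick a weaker scheme
        raise TokenError("invalid_token", f"unsupported alg {header.get('alg')!r}")
    key = next((k for k in jwks["keys"] if k.get("kid") == header.get("kid")), None)
    if key is None:  # kid not published: a rotated-out key or a forged header
        raise TokenError("invalid_token", f"no key with kid {header.get('kid')!r} in JWKS")
    expected = hmac.new(b64url_decode(key["k"]), f"{header_b64}.{payload_b64}".encode(),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):
        raise TokenError("invalid_token", "signature cannot be verified")

    if "exp" not in claims:
        raise TokenError("invalid_claims", "missing exp")
    if now > claims["exp"] + leeway:
        raise TokenError("expired_token", "token expiration time has passed")
    if now + leeway < claims.get("nbf", 0):
        raise TokenError("invalid_claims", "token not yet valid (nbf)")
    if claims.get("iss") != EXPECTED_ISSUER:
        raise TokenError("invalid_claims", "issuer mismatch")
    aud = claims.get("aud")
    if EXPECTED_AUDIENCE not in (aud if isinstance(aud, list) else [aud]):
        raise TokenError("invalid_claims", "audience mismatch")
    if not claims.get("sub"):
        raise TokenError("invalid_claims", "missing sub")
    return claims


def classify(token, jwks, now=None):
    """Return the page's error category, or 'ok', for a token."""
    try:
        validate_token(token, jwks, now)
        return "ok"
    except TokenError as err:
        return err.category


# Constructed demo data: two published keys, then the older one rotated out.
OLD_SECRET = b"old-signing-secret-constructed-32by"
NEW_SECRET = b"new-signing-secret-constructed-32by"
JWKS_BEFORE_ROTATION = make_jwks({"key-2023": OLD_SECRET, "key-2024": NEW_SECRET})
JWKS_AFTER_ROTATION = make_jwks({"key-2024": NEW_SECRET})
NOW = 1_700_000_000
GOOD_CLAIMS = {"iss": EXPECTED_ISSUER, "aud": EXPECTED_AUDIENCE, "sub": "user-1",
               "iat": NOW, "exp": NOW + 3600}

if __name__ == "__main__":
    tok = sign_hs256(GOOD_CLAIMS, "key-2023", OLD_SECRET)
    print("before rotation:", classify(tok, JWKS_BEFORE_ROTATION, NOW))
    print("after rotation: ", classify(tok, JWKS_AFTER_ROTATION, NOW))
```

Two design points carry over to the RSA case unchanged: the key is chosen by the kid in the header but the algorithm is fixed by the verifier, and the signature is checked before any claim is read, so an unsigned or re-signed payload never reaches the exp, aud or sub checks. After a rotation, tokens still carrying the retired kid fail as Invalid Token rather than Expired Token, which is the log signature to look for when clients report failures right after the JWKS changes.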
Common Use Cases
Accessing CMiC APIs: Certain CMiC APIs require an authenticated user, and calls to them must carry an OAuth2 access token in the Authorization header. An example API call might look like:
curl -H "Authorization: Bearer {access_token}" https://api.cmic.com/data