The OAM User session synchronization feature prevents multiple OAM sessions from being created by a mobile user.
The initial OAM session is created during the 3-legged Mobile scenario when the authorization code is created (provided that the OAuth consent UI pages are protected by OAM). This session is stored in the device keystore and used for subsequent OAM token requests for as long as the session is valid.
A one-time Authorization Policy change in Oracle Access Management is required for OAM session synchronization to work. The following steps configure OAM to send Session ID values to OAuth Services. Once configured, OAM session synchronization will always be used for mobile authorization requests when using OAM protection (as opposed to Mobile and Social protection) for the authorization endpoint.
Note:
OAM Session Synchronization requires a WebGate protecting the OAuth Services consent UI pages. See Configuring a WebGate to Protect OAuth Services for details.