...
Authorized access use case
Description
In the authorized access use case, a token issued with the client credentials of one application (Client) can grant access to other applications (Server1…ServerN). Authorization is based on the access rights of the impersonated user (User).
...
If the Client application uses the token to access itself, the User account should be a member of the group that is allowed to access the application.
Configuration
Prerequisites:
The site Example, the OAuth 2.0 applications Client, Server1 and Server2, the user account User, and the groups Group1 and Group2 exist in SSO.
Application Client has the client_credentials grant type and the client IDs of the server applications in its metadata:
...