...

In the authorized access use case, a token issued with the client credentials of one application (Client1) can grant access to other applications (Server1 ... ServerN). Authorization is based on the access rights of the impersonated user (User1).

For example, Client1 could be a command line script, Server1 the SSO Management API and Server2 the CustomerID API.

The configuration with 2 server applications is shown below.


SSO OAuth 2.0 Client Credentials Grant authorized access to multiple applications

The Client1 application impersonates User1, who is a member of 3 groups. Each of these groups has access to the respective application that should be accessible with the Client1 application's client credentials. Authorization policies that can be configured for server applications are omitted from the configuration example, as they are not mandatory.

...

  1. Create and enable the authentication method AuthMethod ClientCredentialsMethod as described in OAuth 2.0 Client Credentials Grant authentication method - SSO.

  2. Add the ClientCredentialsMethod method to the site Example.

  3. Allow the AuthMethod ClientCredentialsMethod method for the applications Client1, Server1 and Server2.

  4. Allow ClientGroup to access the Client1 application.

  5. Allow Group1 to access the application Server1.

  6. Allow Group2 to access the application Server2.

  7. Allow the AuthMethod ClientCredentialsMethod method for the user account User1.

  8. Make User1 a member of ClientGroup, Group1 and Group2.

  9. Add the Client1 application to the list of applications impersonating the account User1.
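The nine steps above are shown here as an added illustrative model written for this page, not Ubisecure SSO's own code: it encodes the page's configuration (Client1, Server1, Server2, User1, ClientGroup, Group1, Group2, ClientCredentialsMethod, site Example) and evaluates whether a token issued with Client1's client credentials, impersonating User1, reaches a given server application. The way the individual checks are combined is an assumption of the model, useful mainly for seeing which single missing step denies access.

```python
# Added example (not Ubisecure SSO code): a minimal model of the access decision
# described on the page. Names come from the page; combining the checks as a
# conjunction (every step must hold) is an assumption of this model.
from dataclasses import dataclass, field

@dataclass
class SsoConfig:
    site_methods: set = field(default_factory=set)     # steps 1-2: methods enabled on the site
    app_methods: dict = field(default_factory=dict)    # step 3: app -> allowed auth methods
    app_groups: dict = field(default_factory=dict)     # steps 4-6: app -> groups allowed access
    user_methods: dict = field(default_factory=dict)   # step 7: user -> allowed auth methods
    user_groups: dict = field(default_factory=dict)    # step 8: user -> group memberships
    impersonators: dict = field(default_factory=dict)  # step 9: user -> apps allowed to impersonate

def can_access(cfg, client, user, server, method="ClientCredentialsMethod"):
    """Return (allowed, reason) for a token issued to `client` impersonating `user`."""
    if method not in cfg.site_methods:
        return False, f"{method} is not enabled on the site"
    for app in (client, server):
        if method not in cfg.app_methods.get(app, set()):
            return False, f"{method} is not allowed for application {app}"
    if method not in cfg.user_methods.get(user, set()):
        return False, f"{method} is not allowed for user {user}"
    if client not in cfg.impersonators.get(user, set()):
        return False, f"{client} may not impersonate {user}"
    groups = cfg.user_groups.get(user, set())
    if not groups & cfg.app_groups.get(client, set()):
        return False, f"{user} has no group with access to {client}"
    if not groups & cfg.app_groups.get(server, set()):
        return False, f"{user} has no group with access to {server}"
    return True, f"granted through {user}'s group membership"

def example_config():
    """The page's configuration: Client1 impersonating User1 for Server1 and Server2."""
    m = "ClientCredentialsMethod"
    return SsoConfig(
        site_methods={m},
        app_methods={"Client1": {m}, "Server1": {m}, "Server2": {m}},
        app_groups={"Client1": {"ClientGroup"}, "Server1": {"Group1"}, "Server2": {"Group2"}},
        user_methods={"User1": {m}},
        user_groups={"User1": {"ClientGroup", "Group1", "Group2"}},
        impersonators={"User1": {"Client1"}},
    )

if __name__ == "__main__":
    cfg = example_config()
    for server in ("Server1", "Server2", "Server3"):   # Server3 is deliberately unconfigured
        print(server, can_access(cfg, "Client1", "User1", server))
```

Dropping User1 from Group2 or removing Client1 from the impersonation list flips the corresponding decision to denied, which is the least-privilege property the configuration relies on.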

...