In the authorized access use case of the client credentials grant, a client application impersonates a user that has authorized access to 1-to-n server applications. See also Client Credentials Grant - SSO.

Impersonation is configured as a specific link between the application and the user.

NOTE that if an application impersonates a user which is deleted from the system, the link will also be removed. A new user must be linked to the application to make the client credentials grant authorized access use case functional again.

About SSO Management API in general, see Management API - SSO.

...

Manage impersonation from user side

Link name: impersonatedBy

The same user may have impersonatedBy links to several applications.

Method

Example request

Example response

Description

GET

GET /user/Example/user1/$link/impersonatedBy

When there is a link to both Example/client1 and Example/client2:

{
  "type": "user",
  "id": "/user/Example/user1",
  "objects": [
    {
      "type": "application",
      "id": "/application/Example/client1",
      "link": "impersonatedBy"
    },
    {
      "type": "application",
      "id": "/application/Example/client2",
      "link": "impersonatedBy"
    }
  ]
}

Get the applications linked to the given user with an impersonatedBy link.

PUT

PUT /user/Example/user1/$link/impersonatedBy/application/Example/client1

{
  "type": "user",
  "id": "/user/Example/user1",
  "objects": [
    {
      "type": "application",
      "id": "/application/Example/client1",
      "link": "impersonatedBy"
    }
  ]
}

Create or update the link from the user to an application. No action is taken if a link between the given user and application already exists. If another application name is given, an existing impersonatedBy link to a previous application is supplemented with a new link to the given application.

DELETE

DELETE /user/Example/user1/$link/impersonatedBy/application/Example/client1

{
  "type": "user",
  "id": "/user/Example/user1"
}

Remove the link from user to the application.
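Added example, not part of the original page or the product's own code: a review of impersonatedBy links against an approved list, using the GET response format and the PUT/DELETE paths shown above. The approved map, /user/Example/user2, /application/Example/client3 and the function names are constructed for illustration; it is also assumed that a user without links returns no "objects" array, as in the DELETE response.

```python
import json

LINK = "impersonatedBy"

def link_path(user_id, app_id=None):
    """Path for GET (user only) or PUT/DELETE (user and application)."""
    if not user_id.startswith("/user/"):
        raise ValueError("not a user id: %r" % user_id)
    path = "%s/$link/%s" % (user_id, LINK)
    if app_id is not None:
        if not app_id.startswith("/application/"):
            raise ValueError("not an application id: %r" % app_id)
        path += app_id
    return path

def impersonating_apps(response_body):
    """Return (user id, set of application ids) from one GET response body."""
    doc = json.loads(response_body)
    if doc.get("type") != "user":
        raise ValueError("expected a user object")
    apps = {o["id"] for o in doc.get("objects", [])
            if o.get("type") == "application" and o.get("link") == LINK}
    return doc["id"], apps

def review(responses, approved):
    """Compare live links with the approved map (user id -> set of app ids).

    Returns the paths to DELETE (links nobody approved) and the paths to PUT
    (approved links that are absent, so the client has no user to impersonate).
    """
    live = dict(impersonating_apps(body) for body in responses)
    to_delete, to_put = [], []
    for user in sorted(set(live) | set(approved)):
        have, want = live.get(user, set()), approved.get(user, set())
        to_delete += [link_path(user, a) for a in sorted(have - want)]
        to_put += [link_path(user, a) for a in sorted(want - have)]
    return {"delete": to_delete, "put": to_put}

# Constructed sample data in the response format documented above.
SAMPLE_RESPONSES = [
    '{"type":"user","id":"/user/Example/user1","objects":['
    '{"type":"application","id":"/application/Example/client1","link":"impersonatedBy"},'
    '{"type":"application","id":"/application/Example/client2","link":"impersonatedBy"}]}',
    '{"type":"user","id":"/user/Example/user2"}',
]
APPROVED = {
    "/user/Example/user1": {"/application/Example/client1"},
    "/user/Example/user2": {"/application/Example/client3"},
}

if __name__ == "__main__":
    print(json.dumps(review(SAMPLE_RESPONSES, APPROVED), indent=2))
```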

...