...

Many e-services and content providers have information and data content that they want to offer their customers and partners through a secure API. The goal is easy and secure consumption and aggregation of that content into various third-party e-services and applications, based on contractual relationships.

Figure 4. Accessing Data from backend API On Behalf of Authorized User using OAuth 2.0


In such setups, the portal or e-service of the Enterprise Account Customer acts as the OAuth 2.0 Client, whereas the content provider e-service API is the OAuth 2.0 Resource Server.

In this use case, the Enterprise Account Customers are authorized with the System Account contractually issued to them under the business relationship between the Content Provider and the Enterprise Customer.

...


Figure 5. Contractual Delivery of the Data over Secure API Using OAuth 2.0 Authorization and System Accounts


The sequence diagram of the OAuth 2.0 Authorization of Enterprise Account Users in API Security Use cases is described on the page Password grant - SSO.

...

In such setups, the portal or e-service has a dual role. First, it acts as the OAuth 2.0 Resource Server for the OAuth 2.0 Client. Second, it acts as an OAuth 2.0 Client, with the backend content provider e-service API as the OAuth 2.0 Resource Server.

Figure 6. Accessing Data from backend API On Behalf of Authorized User using OAuth 2.0


The sequence diagram of the OAuth 2.0 Authorization of Individual Users in API Security Use cases is described on the page Password grant - SSO.

...

Figure 7. Sequence diagram of authorization code grant for Authorization of Individual Users in API Security Use cases

OAuth 2.0 Grant Types in Ubisecure SSO

...