In case of client credentials grant in the authorized access use case, a client application impersonates a user that has authorized access to 1-to-n server applications. See also Client Credentials Grant - SSO.
NOTE that if there is an impersonation link between an application and a user the user cannot be deleted from the system until the link has been removed.
Manage impersonation from application side
Link name: impersonateAs
An application may have one impersonateAs
link to one user.
Method | Example request | Example response | Description |
---|---|---|---|
GET |
| When there is a link to { "type": "application", "id": "/application/Example/client1", "objects": [ { "type": "user", "id": "/user/Example/user1", "link": "impersonateAs" } ] } | Get the user linked to the given application with an |
PUT |
| { "type": "application", "id": "/application/Example/client1", "objects": [ { "type": "user", "id": "/user/Example/user1", "link": "impersonateAs" } ] } | Create or update the link from application to the user. No action if the link between the given application and user already exists. If another user name is given an existing |
DELETE |
| { "type": "application", "id": "/application/Example/client1" } | Remove the link from application to the user. |
Manage impersonation from user side
Link name: impersonatedBy
A user may have one-to-many impersonatedBy
links to an application.
Method | Example request | Example response | Description |
---|---|---|---|
GET |
| When there is a link to both { "type": "user", "id": "/user/Example/user1", "objects": [ { "type": "application", "id": "/application/Example/client1", "link": "impersonatedBy" }, { "type": "application", "id": "/application/Example/client2", "link": "impersonatedBy" } ] } | Get the applications linked to the given user with an |
PUT |
| { "type": "user", "id": "/user/Example/user1", "objects": [ { "type": "application", "id": "/application/Example/client1", "link": "impersonatedBy" } ] } | Create or update the link from user to an application. No action if a link between the given user and application already exists. If another application name is given an existing |
DELETE |
| { "type": "user", "id": "/user/Example/user1" } | Remove the link from user to the application. |