
Description

According to RFC 6749, an application (client) owns its own credentials and uses them to obtain an access token from the Authorization Server.

Authentication happens in a single request-response exchange: the request carries the client credentials, grant_type (client_credentials) and, optionally, scope.

The response contains an access token, its type and its expiration. A refresh token should not be included.
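The exchange described above, as an added example that is not part of the original page or of the SSO product it documents. It builds the single token request (client credentials sent in the HTTP Basic Authorization header, as RFC 6749 section 2.3.1 recommends, with grant_type=client_credentials and an optional scope in the form body) and validates the token response the way the description requires: access_token, token_type and expires_in must be present, and a refresh_token must not be. The client name, secret and JSON responses are constructed sample values.

```python
import base64
import json
from urllib.parse import urlencode


def build_token_request(client_id: str, client_secret: str, scope: str = "") -> dict:
    """Build the one token request of the Client Credentials Grant.

    The client credentials go into the HTTP Basic Authorization header
    (RFC 6749 section 2.3.1); the form body carries grant_type and the
    optional scope. Returned as a dict so it can be handed to any HTTP client.
    """
    creds = f"{client_id}:{client_secret}".encode("utf-8")
    headers = {
        "Authorization": "Basic " + base64.b64encode(creds).decode("ascii"),
        "Content-Type": "application/x-www-form-urlencoded",
    }
    params = {"grant_type": "client_credentials"}
    if scope:
        params["scope"] = scope
    return {"method": "POST", "headers": headers, "body": urlencode(params)}


class TokenResponseError(ValueError):
    """Raised when the token response does not match the expected shape."""


def parse_token_response(raw_json: str) -> dict:
    """Validate a token response for the client_credentials grant.

    Required fields: access_token, token_type, expires_in. A refresh_token
    must not be issued for this grant (RFC 6749 section 4.4.3), so its
    presence is rejected rather than silently stored by the client.
    """
    data = json.loads(raw_json)
    if "error" in data:
        raise TokenResponseError(f"authorization server error: {data['error']}")
    for field in ("access_token", "token_type", "expires_in"):
        if field not in data:
            raise TokenResponseError(f"token response is missing {field}")
    if "refresh_token" in data:
        raise TokenResponseError("refresh_token must not be issued for client_credentials")
    expires_in = int(data["expires_in"])
    if expires_in <= 0:
        raise TokenResponseError("expires_in must be a positive number of seconds")
    return {
        "access_token": data["access_token"],
        "token_type": data["token_type"],
        "expires_in": expires_in,
    }


# Constructed sample responses (not captured from any real server).
GOOD_RESPONSE = '{"access_token": "constructed-token", "token_type": "Bearer", "expires_in": 3600}'
REFRESH_RESPONSE = (
    '{"access_token": "constructed-token", "token_type": "Bearer", '
    '"expires_in": 3600, "refresh_token": "should-not-be-here"}'
)


if __name__ == "__main__":
    # Placeholder client name and secret; "Client1" matches the page's example application.
    req = build_token_request("Client1", "example-secret", scope="read")
    print(req["headers"]["Authorization"], req["body"])
    print(parse_token_response(GOOD_RESPONSE))
    try:
        parse_token_response(REFRESH_RESPONSE)
    except TokenResponseError as exc:
        print("rejected:", exc)
```

The request builder never puts the secret in the URL or the body, and the response parser treats an unexpected refresh_token as a configuration fault of the authorization server rather than as a bonus credential to keep.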

There are two main use cases for Client Credentials Grant in SSO:

  • Single application use case: token grants access to the application itself;

  • Authorized access use case: token grants access to a number of server applications according to the service user's rights (group membership, authentication method allowed for the service user account).

Single application use case

Description

In the single application use case a token grants access only to the application itself. There is no authorization step in this case.

Configuration

Client Credentials Grant can be configured either with the SSO Management UI or with the SSO Management API. This page covers the UI; refer to Configuring impersonation for the API instructions.

Prerequisite: site “Example”, application “Client1” and group “Group1” exist in SSO.

The following steps are required:

1. Create and enable an authentication method as described in OAuth 2.0 Client Credentials Grant authentication method - SSO

  1. Enable the created method

Management

TBD API calls

Authorized access use case
