Skip to end of metadata
  • Created by Former user, last modified on 2023-09-28
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 7 Next »

In case of client credentials grant in the authorized access use case, a client application impersonates a user that has authorized access to 1-to-n server applications. See also Client Credentials Grant - SSO.

NOTE that if there is an impersonation link between an application and a user the user cannot be deleted from the system until the link has been removed.

Manage impersonation from application side

Link name: impersonateAs

An application may have one impersonateAs link to one user.

Method

Example request

Example response

Description

GET

GET /application/Example/client1/$link/impersonateAs

When there is a link to Example/user1:

{
  "type": "application",
  "id": "/application/Example/client1",
  "objects": [
    {
      "type": "user",
      "id": "/user/Example/user1",
      "link": "impersonateAs"
    }
  ]
}

Get the user linked to the given application with an impersonateAs link

PUT

PUT /application/Example/client1/$link/impersonateAs/user/Example/user1

{
  "type": "application",
  "id": "/application/Example/client1",
  "objects": [
    {
      "type": "user",
      "id": "/user/Example/user1",
      "link": "impersonateAs"
    }
  ]
}

Create or update the link from application to the user. No action if the link between the given application and user already exists. If another user name is given an existing impersonateAs link to a previous user will be replaced with a link to the given user.

DELETE

PUT /application/Example/client1/$link/impersonateAs/user/Example/user1

{
  "type": "application",
  "id": "/application/Example/client1"
}

Remove the link from application to the user.

Manage impersonation from user side

Link name: impersonatedBy

A user may have one-to-many impersonatedBy links to an application.

Method

Example request

Example response

Description

GET

GET /user/Example/user1/$link/impersonatedBy

When there is a link to both Example/client1 and Example/client2: 

{
  "type": "user",
  "id": "/user/Example/user1",
  "objects": [
    {
      "type": "application",
      "id": "/application/Example/client1",
      "link": "impersonatedBy"
    },
    {
      "type": "application",
      "id": "/application/Example/client2",
      "link": "impersonatedBy"
    }
  ]
}

Get the applications linked to the given user with an impersonatedBy link

PUT

PUT /user/Example/user1/$link/impersonatedBy/application/Example/client1

{
  "type": "user",
  "id": "/user/Example/user1",
  "objects": [
    {
      "type": "application",
      "id": "/application/Example/client1",
      "link": "impersonatedBy"
    }
  ]
}

Create or update the link from user to an application. No action if a link between the given user and application already exists. If another application name is given an existing impersonatedBy link to a previous application will be supplemented with a new link to the given application.

DELETE

PUT /user/Example/user1/$link/impersonatedBy/application/Example/client1

{
  "type": "user",
  "id": "/user/Example/user1"
}

Remove the link from user to the application.

  • No labels

Ubisecure Privacy Policy & Cookie Statement