Configuring OAuth 2.0 Flows
OAuth 2.0 is an open-standard framework and specification for authorizing client applications to access online resources. Authorization works by requiring a client to obtain an access token from a server that in turn grants the client access to specific protected resources. The client then sends the access token to the resource whenever it invokes the resource's endpoints.
Privileged Access Service support OAuth 2.0, allowing custom Delinea client applications access to online resources needed by those applications.removed
Flows that Privileged Access Service support are:
| Flow | Description |
|---|---|
| Client Credentials | The client application must provide a client ID and client secret to obtain an access token from a tenant. |
| Authorization Code | The client redirects the user to the OAuth authorization endpoint where the user enters their credentials and grants access. The OAuth server then returns an authorization code to the client. The client then sends a request to the OAuth token endpoint to obtain an access token, and includes the authorization code in this request. The OAuth server then returns the authorization (and refresh token if it's configured) to the client for use in accessing subsequent endpoints. |
| Implicit | The client redirects the user to the OAuth authorization endpoint where the user enters their credentials and grants access. The OAuth authorization endpoint then redirects the user back to the client application and includes the access token in the redirection. The client can then use the access token for use in accessing subsequent endpoints. This flow is the simplest and is typically used by Javascript applications running in a browser. Since the access token under this flow is assumed to be used temporarily, no refresh token is issued by the OAuth server. |
| Resource Owner | The client application provides its own user interface in which the user enters their credentials and grants access to resources. This information is then sent to the OAuth token endpoint which returns an access token to the client. Since this flow does not involve redirection to an OAuth authorization endpoint to obtain authorization, it should only be used in highly privileged client applications such as native applications running on an OS. |
Refer to the Delinea developer portal for more information about using OAuth 2.0.with Delinea.
Refer to the following topics for an overview of the OAuth2 client and server applications used to configure access to your Delinea tenant:
-
Use the custom OAuth2 Client application if the resulting access token is used to call Privileged Access Service APIs.
-
Use the custom OAuth2 Server application for use with another web application's APIs. With the OAuth2 Server application, you can set custom claims in the resulting access token.
