Imagine my user account in WSO2 Identity Server is john. I also have one other associated user account in the identity server under the name ben.
I use an application which shows all my user accounts in the identity server once I have successfully logged in.
As of now, the above scenario can be done successfully. The application can call the WSO2 Identity Server user account association APIs and list all the associated accounts on behalf of me (once I have logged in).
But I want to see some of the attributes of my associated accounts (e.g. email addresses). This should be possible in a way that the application calls WSO2 IS SCIM APIs on behalf of my associated accounts, then retrieves any attributes, without me logging in as each associated user (e.g. when I log in as john, the email address of ben should be shown by the application).
The idea here is that all my associated accounts are essentially mine; therefore, once logged in as a user, any subsequent REST API calls on behalf of any associated user account should be allowed.
Changing the authorized user dynamically will be an approach that will not work with any other resource server other than for the IS product APIs.
Therefore, fixing the authentication valve and using the header to call REST APIs on behalf of the associated user approach is not suitable.
Since we have introduced a grant type to switch and get tokens on behalf of the associated user, an appropriate way of doing this requirement is to get a new access token via the switch grant, then call REST APIs as required.