PingFederate Server

Delegated access types

To enhance access control, PingFederate supports both explicit and implicit delegation of transaction approval.

Explicit delegation

This is the most common OAuth use case, which involves a resource owner (RO) who explicitly delegates the authority to a client to make API calls to a resource server (RS) and is asked to approve the transaction. This is the type of delegation inherent in web redirect flow.

Implicit delegation

Implicit delegation also generally involves a client who calls an API on behalf of a user. However, the client’s authority is implied by the nature of the transaction, and the user is not specifically asked to approve the transaction.