To enhance access control, PingFederate supports both explicit and implicit delegation of transaction approval.
- Explicit delegation
- This is the most common OAuth use case, which involves a resource owner (RO) who explicitly delegates the authority to a client to make API calls to a resource server (RS) and is asked to approve the transaction. This is the type of delegation inherent in web redirect flow.
- Implicit delegation
- Implicit delegation also generally involves a client who calls an API on behalf of a user. However, the client's authority is implied by the nature of the transaction, and the user is not specifically asked to approve the transaction.