White Papers
With Delegated Authorization, a user (the “Resource Owner”) delegates access to
resources the user owns to a designated client application, without enabling the
client application to impersonate the user.
This means that an iDRAC user may allow a third-party client application to
invoke the iDRAC web API on the user’s behalf without having to share their
username and password with the client application. To avoid repeated requests
for consent, a user may elect to provide the client with an “Offline Token”. The
client exchanges this offline token with the Authorization Server for a normal
access token, which it then uses to access the iDRAC.
Fig 1
Initially, iDRAC is configured with the Authorization Server’s public key.
Step 1: The client requests and obtains an access token on behalf of the user.
Step 2: The client presents the access token on the API request.
Step 3: iDRAC validates the token using the Authorization Server’s public key.
Step 4: The client receives the response from the iDRAC.
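The four steps above and the offline-token exchange described earlier, as an added worked example in Go that is not from the original white paper and not Dell's code: a hypothetical Authorization Server signs a JWT with an EdDSA key, the client sends it as a Bearer token, and the iDRAC side validates it using only the public key, checking algorithm, signature, audience and expiry. The page does not say which token format or signature algorithm iDRAC uses; JWT with EdDSA, the claim names, the `idrac-example` audience, the user `alice` and the token lifetimes are assumptions made for this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

// Claims in the access token (RFC 7519 names): delegating user, target iDRAC, scope, expiry.
type Claims struct {
	Sub   string `json:"sub"`
	Aud   string `json:"aud"`
	Scope string `json:"scope"`
	Exp   int64  `json:"exp"` // Unix seconds
}

// AuthServer is a hypothetical stand-in for the Authorization Server; it holds the
// private signing key, while iDRAC is only ever given the public half.
type AuthServer struct {
	priv    ed25519.PrivateKey
	Pub     ed25519.PublicKey
	offline map[string]Claims // opaque offline token -> grant the user consented to
}

func NewAuthServer() (*AuthServer, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &AuthServer{priv: priv, Pub: pub, offline: map[string]Claims{}}, nil
}

func b64(b []byte) string { return base64.RawURLEncoding.EncodeToString(b) }

// IssueToken mints a compact JWT signed with EdDSA (Step 1); ttl bounds its life.
func (a *AuthServer) IssueToken(grant Claims, now time.Time, ttl time.Duration) (string, error) {
	grant.Exp = now.Add(ttl).Unix()
	payload, err := json.Marshal(grant)
	if err != nil {
		return "", err
	}
	input := b64([]byte(`{"alg":"EdDSA","typ":"JWT"}`)) + "." + b64(payload)
	return input + "." + b64(ed25519.Sign(a.priv, []byte(input))), nil
}

// GrantOffline records the user's consent once and returns an opaque offline token.
func (a *AuthServer) GrantOffline(grant Claims) string {
	raw := make([]byte, 32)
	rand.Read(raw) // crypto/rand.Read is documented never to fail (Go 1.24+)
	a.offline[b64(raw)] = grant
	return b64(raw)
}

// ExchangeOffline swaps a stored offline token for a short-lived access token (no new consent).
func (a *AuthServer) ExchangeOffline(offline string, now time.Time) (string, error) {
	grant, ok := a.offline[offline]
	if !ok {
		return "", errors.New("unknown or revoked offline token")
	}
	return a.IssueToken(grant, now, 10*time.Minute)
}

// Validate is the iDRAC side (Steps 2 and 3): configured only with the AS public key
// and its own audience value, it checks the client's Authorization header.
// The user's password never reaches this code.
func Validate(pub ed25519.PublicKey, audience, authz string, now time.Time) (c Claims, err error) {
	parts := strings.Split(strings.TrimPrefix(authz, "Bearer "), ".")
	if !strings.HasPrefix(authz, "Bearer ") || len(parts) != 3 {
		return c, errors.New("missing or malformed bearer token")
	}
	// Pin the algorithm: the header is untrusted, so the verifier decides what is
	// acceptable, never the token (and "none" never is).
	hdrJSON, err := base64.RawURLEncoding.DecodeString(parts[0])
	var hdr struct{ Alg string `json:"alg"` }
	if err != nil || json.Unmarshal(hdrJSON, &hdr) != nil || hdr.Alg != "EdDSA" {
		return c, errors.New("unsupported alg")
	}
	sig, err := base64.RawURLEncoding.DecodeString(parts[2])
	if err != nil || !ed25519.Verify(pub, []byte(parts[0]+"."+parts[1]), sig) {
		return c, errors.New("signature invalid")
	}
	payload, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err != nil || json.Unmarshal(payload, &c) != nil {
		return Claims{}, errors.New("bad payload")
	}
	if c.Aud != audience || !now.Before(time.Unix(c.Exp, 0)) {
		return Claims{}, errors.New("token expired or not issued for this iDRAC")
	}
	return c, nil
}

func main() {
	as, _ := NewAuthServer()
	// Constructed sample values; "idrac-example" stands for this iDRAC's audience identifier.
	tok, _ := as.IssueToken(Claims{Sub: "alice", Aud: "idrac-example", Scope: "read"}, time.Now(), time.Hour)
	fmt.Println(Validate(as.Pub, "idrac-example", "Bearer "+tok, time.Now()))
}
```

Two design points matter on the iDRAC side. The verifier ignores whatever algorithm the token header claims and accepts only the one it was configured for, so a token cannot downgrade the check, and it rejects tokens whose audience is another iDRAC even when the signature is genuine. The offline token itself is an opaque value that lives only in the Authorization Server's store, so revoking it there ends the delegation without the user changing a password.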