Each client application that you want to impersonate a user with must obtain an OAuth licensing token. Every client application must also have a corresponding SPFClientApplication object created in SDx.
-
You control which users can be impersonated using the SPFClientApplication object.
-
All users in the client application can be impersonated by setting the Allow impersonation of all users property to True for each SPFClientApplication object.
-
You can restrict user impersonation to just a subset of users by selecting False and then creating a relationship between the subset of users you want to be impersonated and the client application.
-
The client application client id in each SPFClientApplication object must match the authorization server client id exactly.
-
The SPFClientApplication object must be created using the client id of an OAuth client, which uses the Client Credentials authorization work flow only.