Application Grants

The Application Grants API provides a set of operations to manage scope consent grants for an app.

A scope consent grant represents an app's permission to include specific Okta scopes in OAuth 2.0 Bearer tokens. If the app doesn't have permission to grant consent for a particular Okta scope, token requests that contain the scope are denied.

List all app grants
OAuth 2.0: okta.appGrants.read

Lists all scope consent Grants for the app

Request
path Parameters
appId
required
string

Application ID

Example: 0oafxqCAJWWGELFTYASJ
query Parameters
expand
string

An optional parameter to return scope details in the _embedded property. Valid value: scope

Example: expand=scope
Responses
200

Success

403

Forbidden

404

Not Found

429

Too Many Requests

get/api/v1/apps/{appId}/grants
Request samples
Response samples
application/json
[]

Grant consent to scope
OAuth 2.0: okta.appGrants.manage

Grants consent for the app to request an OAuth 2.0 Okta scope

Request
path Parameters
appId
required
string

Application ID

Example: 0oafxqCAJWWGELFTYASJ
Request Body schema: application/json
required
issuer
required
string

The issuer of your org authorization server. This is typically your Okta domain.

scopeId
required
string

The name of the Okta scope for which consent is granted

Responses
201

Created

400

Bad Request

403

Forbidden

404

Not Found

429

Too Many Requests

post/api/v1/apps/{appId}/grants
Request samples
application/json
{
  • "issuer": "{yourOktaDomain}",
  • "scopeId": "okta.users.read"
}
Response samples
application/json
{}

Retrieve an app grant
OAuth 2.0: okta.appGrants.read

Retrieves a single scope consent Grant object for the app

Request
path Parameters
appId
required
string

Application ID

Example: 0oafxqCAJWWGELFTYASJ
grantId
required
string

Grant ID

Example: iJoqkwx50mrgX4T9LcaH
query Parameters
expand
string

An optional parameter to return scope details in the _embedded property. Valid value: scope

Example: expand=scope
Responses
200

Success

403

Forbidden

404

Not Found

429

Too Many Requests

get/api/v1/apps/{appId}/grants/{grantId}
Request samples
Response samples
application/json
{}

Revoke an app grant
OAuth 2.0: okta.appGrants.manage

Revokes permission for the app to grant the given scope

Request
path Parameters
appId
required
string

Application ID

Example: 0oafxqCAJWWGELFTYASJ
grantId
required
string

Grant ID

Example: iJoqkwx50mrgX4T9LcaH
Responses
204

No Content

403

Forbidden

404

Not Found

429

Too Many Requests

delete/api/v1/apps/{appId}/grants/{grantId}
Request samples
Response samples
application/json
{
  • "errorCode": "E0000006",
  • "errorSummary": "You do not have permission to perform the requested action",
  • "errorLink": "E0000006",
  • "errorId": "sampleNUSD_8fdkFd8fs8SDBK",
  • "errorCauses": [ ]
}