The Application Grants API provides a set of operations to manage scope consent grants for an app.
A scope consent grant represents an app's permission to include specific Okta scopes in OAuth 2.0 Bearer tokens. If the app doesn't have permission to grant consent for a particular Okta scope, token requests that contain the scope are denied.
okta.appGrants.readLists all scope consent Grants for the app
Success
Forbidden
Not Found
Too Many Requests
[- {
- "id": "oag91n9ruw3dsaXzP0h6",
- "status": "ACTIVE",
- "created": "2023-02-21T16:54:00.000Z",
- "createdBy": {
- "id": "00u6eltha0nrSc47i0h7",
- "type": "User"
}, - "lastUpdated": "2023-02-21T16:54:00.000Z",
- "issuer": "{yourOktaDomain}",
- "clientId": "{clientId}",
- "scopeId": "okta.users.read",
- "source": "ADMIN",
- "_embedded": {
- "scope": {
- "id": "okta.users.read"
}
}, - "_links": {
- "self": {
- "hints": {
- "allow": [
- "GET",
- "DELETE"
]
}
},
}
}, - {
- "id": "oaghm3sh9ukdkvDmO0h6",
- "status": "ACTIVE",
- "created": "2023-02-03T21:57:49.000Z",
- "createdBy": {
- "id": "00u6eltha0nrSc47i0h7",
- "type": "User"
}, - "lastUpdated": "2023-02-03T21:57:49.000Z",
- "issuer": "{yourOktaDomain}",
- "clientId": "{clientId}",
- "scopeId": "okta.apps.manage",
- "source": "ADMIN",
- "_embedded": {
- "scope": {
- "id": "okta.apps.manage"
}
}, - "_links": {
- "self": {
- "hints": {
- "allow": [
- "GET",
- "DELETE"
]
}
},
}
}
]okta.appGrants.manageGrants consent for the app to request an OAuth 2.0 Okta scope
| issuer required | string The issuer of your org authorization server. This is typically your Okta domain. |
| scopeId required | string The name of the Okta scope for which consent is granted |
Created
Bad Request
Forbidden
Not Found
Too Many Requests
{- "issuer": "{yourOktaDomain}",
- "scopeId": "okta.users.read"
}{- "id": "oag91n9ruw3dsaXzP0h6",
- "status": "ACTIVE",
- "created": "2023-02-21T16:54:00.000Z",
- "createdBy": {
- "id": "00u6eltha0nrSc47i0h7",
- "type": "User"
}, - "lastUpdated": "2023-02-21T16:54:00.000Z",
- "issuer": "{yourOktaDomain}",
- "clientId": "{clientId}",
- "scopeId": "okta.users.read",
- "source": "ADMIN",
- "_embedded": {
- "scope": {
- "id": "okta.users.read"
}
}, - "_links": {
- "self": {
- "hints": {
- "allow": [
- "GET",
- "DELETE"
]
}
},
}
}okta.appGrants.readRetrieves a single scope consent Grant object for the app
Success
Forbidden
Not Found
Too Many Requests
{- "id": "oag91n9ruw3dsaXzP0h6",
- "status": "ACTIVE",
- "created": "2023-02-21T16:54:00.000Z",
- "createdBy": {
- "id": "00u6eltha0nrSc47i0h7",
- "type": "User"
}, - "lastUpdated": "2023-02-21T16:54:00.000Z",
- "issuer": "{yourOktaDomain}",
- "clientId": "{clientId}",
- "scopeId": "okta.users.read",
- "source": "ADMIN",
- "_embedded": {
- "scope": {
- "id": "okta.users.read"
}
}, - "_links": {
- "self": {
- "hints": {
- "allow": [
- "GET",
- "DELETE"
]
}
},
}
}okta.appGrants.manageRevokes permission for the app to grant the given scope
No Content
Forbidden
Not Found
Too Many Requests
{- "errorCode": "E0000006",
- "errorSummary": "You do not have permission to perform the requested action",
- "errorLink": "E0000006",
- "errorId": "sampleNUSD_8fdkFd8fs8SDBK",
- "errorCauses": [ ]
}