Authorization Server Clients

These endpoints allow you to manage tokens issued by an authorization server for a particular client. For example, you can revoke every active refresh token for a specific client. You can also revoke specific tokens or manage tokens at the User level.

Read Validate access tokens and Validate ID tokens to understand more about how OAuth 2.0 tokens work.

List all client resources for an authorization server
API Access Management
OAuth 2.0: okta.authorizationServers.read

Lists all Client resources for which the specified authorization server has tokens

Request
path Parameters
authServerId
required
string

id of the Authorization Server

Example: GeGRTEr7f3yu2n7grw22
Responses
200

Success

403

Forbidden

404

Not Found

429

Too Many Requests

get/api/v1/authorizationServers/{authServerId}/clients
Request samples
Response samples
application/json
[]

List all refresh tokens for a client
API Access Management
OAuth 2.0: okta.authorizationServers.read

Lists all refresh tokens issued by an authorization server for a specific Client

Request
path Parameters
authServerId
required
string

id of the Authorization Server

Example: GeGRTEr7f3yu2n7grw22
clientId
required
string

Client app ID

Example: 52Uy4BUWVBOjFItcg2jWsmnd83Ad8dD
query Parameters
expand
string

Valid value: scope. If specified, scope details are included in the _embedded attribute.

after
string

Specifies the pagination cursor for the next page of tokens

limit
integer <int32>
Default: -1

The maximum number of tokens to return (maximum 200)

Responses
200

Success

403

Forbidden

404

Not Found

429

Too Many Requests

get/api/v1/authorizationServers/{authServerId}/clients/{clientId}/tokens
Request samples
Response samples
application/json
[]

Revoke all refresh tokens for a client
API Access Management
OAuth 2.0: okta.authorizationServers.manage

Revokes all refresh tokens for a Client

Request
path Parameters
authServerId
required
string

id of the Authorization Server

Example: GeGRTEr7f3yu2n7grw22
clientId
required
string

Client app ID

Example: 52Uy4BUWVBOjFItcg2jWsmnd83Ad8dD
Responses
204

No Content

403

Forbidden

404

Not Found

429

Too Many Requests

delete/api/v1/authorizationServers/{authServerId}/clients/{clientId}/tokens
Request samples
Response samples
application/json
{
  • "errorCode": "E0000006",
  • "errorSummary": "You do not have permission to perform the requested action",
  • "errorLink": "E0000006",
  • "errorId": "sampleNUSD_8fdkFd8fs8SDBK",
  • "errorCauses": [ ]
}

Retrieve a refresh token for a client
API Access Management
OAuth 2.0: okta.authorizationServers.read

Retrieves a refresh token for a Client

Request
path Parameters
authServerId
required
string

id of the Authorization Server

Example: GeGRTEr7f3yu2n7grw22
clientId
required
string

Client app ID

Example: 52Uy4BUWVBOjFItcg2jWsmnd83Ad8dD
tokenId
required
string

id of Token

Example: sHHSth53yJAyNSTQKDJZ
query Parameters
expand
string

Valid value: scope. If specified, scope details are included in the _embedded attribute.

Responses
200

Success

403

Forbidden

404

Not Found

429

Too Many Requests

get/api/v1/authorizationServers/{authServerId}/clients/{clientId}/tokens/{tokenId}
Request samples
Response samples
application/json
[]

Revoke a refresh token for a client
API Access Management
OAuth 2.0: okta.authorizationServers.manage

Revokes a refresh token for a Client

Request
path Parameters
authServerId
required
string

id of the Authorization Server

Example: GeGRTEr7f3yu2n7grw22
clientId
required
string

Client app ID

Example: 52Uy4BUWVBOjFItcg2jWsmnd83Ad8dD
tokenId
required
string

id of Token

Example: sHHSth53yJAyNSTQKDJZ
Responses
204

No Content

403

Forbidden

404

Not Found

429

Too Many Requests

delete/api/v1/authorizationServers/{authServerId}/clients/{clientId}/tokens/{tokenId}
Request samples
Response samples
application/json
{
  • "errorCode": "E0000006",
  • "errorSummary": "You do not have permission to perform the requested action",
  • "errorLink": "E0000006",
  • "errorId": "sampleNUSD_8fdkFd8fs8SDBK",
  • "errorCauses": [ ]
}