Authorization Server Rules

Provides operations to manage policy rules for the given authServerId, policyId, and ruleId.

List all policy rules
API Access Management
OAuth 2.0 scopes:
  • okta.authorizationServers.read

Lists all policy rules for the specified Custom Authorization Server and Policy

Request
path Parameters
authServerId
required
string

id of the Authorization Server

Example: GeGRTEr7f3yu2n7grw22
policyId
required
string

id of the Policy

Example: 00plrilJ7jZ66Gn0X0g3
Responses
200

Success

403

Forbidden

404

Not Found

429

Too Many Requests

get/api/v1/authorizationServers/{authServerId}/policies/{policyId}/rules
Request samples 
Response samples 
application/json
[]
Create a policy rule
API Access Management
OAuth 2.0 scopes: 
  • okta.authorizationServers.manage
Creates a policy rule for the specified Custom Authorization Server and Policy


Request 
path Parameters
authServerId
required
string
id of the Authorization Server


 
 Example:  GeGRTEr7f3yu2n7grw22
policyId
required
string
id of the Policy


 
 Example:  00plrilJ7jZ66Gn0X0g3
Request Body schema: application/json
required
name
required
string
Name of the rule


 
required
object (AuthorizationServerPolicyRuleConditions) 
 
object (GrantTypePolicyRuleCondition) 
Array of grant types that this condition includes. Determines the mechanism that Okta uses to authorize the creation of the tokens.


 
include
Array of strings
Array of grant types that this condition includes.


 
object (AuthorizationServerPolicyPeopleCondition) 
Identifies Users and Groups that are used together


 
object (AuthorizationServerPolicyRuleGroupCondition) 
Specifies a set of Groups whose Users are to be included


 
object (AuthorizationServerPolicyRuleUserCondition) 
Specifies a set of Users to be included


 
object (OAuth2ScopesMediationPolicyRuleCondition) 
Array of scopes that the condition includes


 
include
Array of strings
 
type
required
string
Rule type


 Value: "RESOURCE_ACCESS"  
object (AuthorizationServerPolicyRuleActions) 
 
object (TokenAuthorizationServerPolicyRuleAction) 
 
accessTokenLifetimeMinutes
integer
Lifetime of the access token in minutes. The minimum is five minutes. The maximum is one day.


 
object (TokenAuthorizationServerPolicyRuleActionInlineHook) 
 
refreshTokenLifetimeMinutes
integer
Lifetime of the refresh token is the minimum access token lifetime.


 
refreshTokenWindowMinutes
integer
Timeframe when the refresh token is valid. The minimum is 10 minutes. The maximum is five years (2,628,000 minutes).


 
priority
integer
Priority of the rule


 
status
string
Status of the rule


 Enum: "ACTIVE" "INACTIVE"  
system
boolean
Set to true for system rules. You can't delete system rules.


 
Responses 
201
Created


400
Bad Request


403
Forbidden


404
Not Found


429
Too Many Requests


post/api/v1/authorizationServers/{authServerId}/policies/{policyId}/rules
Request samples 
application/json
{
  • "type": "RESOURCE_ACCESS",
  • "name": "Default Policy Rule",
  • "priority": 1,
  • "conditions": {
    • "people": {
      },
    • "grantTypes": {
      },
    • "scopes": {
      }
    },
  • "actions": {
    • "token": {
      }
    }
}
Response samples 
application/json
{}
Retrieve a policy rule
API Access Management
OAuth 2.0 scopes: 
  • okta.authorizationServers.read
Retrieves a policy rule by ruleId


Request 
path Parameters
authServerId
required
string
id of the Authorization Server


 
 Example:  GeGRTEr7f3yu2n7grw22
policyId
required
string
id of the Policy


 
 Example:  00plrilJ7jZ66Gn0X0g3
ruleId
required
string
id of the policy rule


 
 Example:  ruld3hJ7jZh4fn0st0g3
Responses 
200
Success


403
Forbidden


404
Not Found


429
Too Many Requests


get/api/v1/authorizationServers/{authServerId}/policies/{policyId}/rules/{ruleId}
Request samples 
Response samples 
application/json
{}
Replace a policy rule
API Access Management
OAuth 2.0 scopes: 
  • okta.authorizationServers.manage
Replaces the configuration of the Policy Rule defined in the specified Custom Authorization Server and Policy


Request 
path Parameters
authServerId
required
string
id of the Authorization Server


 
 Example:  GeGRTEr7f3yu2n7grw22
policyId
required
string
id of the Policy


 
 Example:  00plrilJ7jZ66Gn0X0g3
ruleId
required
string
id of the policy rule


 
 Example:  ruld3hJ7jZh4fn0st0g3
Request Body schema: application/json
required
name
required
string
Name of the rule


 
required
object (AuthorizationServerPolicyRuleConditions) 
 
object (GrantTypePolicyRuleCondition) 
Array of grant types that this condition includes. Determines the mechanism that Okta uses to authorize the creation of the tokens.


 
include
Array of strings
Array of grant types that this condition includes.


 
object (AuthorizationServerPolicyPeopleCondition) 
Identifies Users and Groups that are used together


 
object (AuthorizationServerPolicyRuleGroupCondition) 
Specifies a set of Groups whose Users are to be included


 
object (AuthorizationServerPolicyRuleUserCondition) 
Specifies a set of Users to be included


 
object (OAuth2ScopesMediationPolicyRuleCondition) 
Array of scopes that the condition includes


 
include
Array of strings
 
type
required
string
Rule type


 Value: "RESOURCE_ACCESS"  
object (AuthorizationServerPolicyRuleActions) 
 
object (TokenAuthorizationServerPolicyRuleAction) 
 
accessTokenLifetimeMinutes
integer
Lifetime of the access token in minutes. The minimum is five minutes. The maximum is one day.


 
object (TokenAuthorizationServerPolicyRuleActionInlineHook) 
 
refreshTokenLifetimeMinutes
integer
Lifetime of the refresh token is the minimum access token lifetime.


 
refreshTokenWindowMinutes
integer
Timeframe when the refresh token is valid. The minimum is 10 minutes. The maximum is five years (2,628,000 minutes).


 
priority
integer
Priority of the rule


 
status
string
Status of the rule


 Enum: "ACTIVE" "INACTIVE"  
system
boolean
Set to true for system rules. You can't delete system rules.


 
Responses 
200
Success


400
Bad Request


403
Forbidden


404
Not Found


429
Too Many Requests


put/api/v1/authorizationServers/{authServerId}/policies/{policyId}/rules/{ruleId}
Request samples 
application/json
{
  • "type": "RESOURCE_ACCESS",
  • "name": "Default Policy Rule",
  • "priority": 1,
  • "status": "ACTIVE",
  • "conditions": {
    • "people": {
      },
    • "grantTypes": {
      },
    • "scopes": {
      }
    },
  • "actions": {
    • "token": {
      }
    }
}
Response samples 
application/json
{}
Delete a policy rule
API Access Management
OAuth 2.0 scopes: 
  • okta.authorizationServers.manage
Deletes a Policy Rule defined in the specified Custom Authorization Server and Policy


Request 
path Parameters
authServerId
required
string
id of the Authorization Server


 
 Example:  GeGRTEr7f3yu2n7grw22
policyId
required
string
id of the Policy


 
 Example:  00plrilJ7jZ66Gn0X0g3
ruleId
required
string
id of the policy rule


 
 Example:  ruld3hJ7jZh4fn0st0g3
Responses 
204
No Content


403
Forbidden


404
Not Found


429
Too Many Requests


delete/api/v1/authorizationServers/{authServerId}/policies/{policyId}/rules/{ruleId}
Request samples 
Response samples 
application/json
{
  • "errorCode": "E0000006",
  • "errorSummary": "You do not have permission to perform the requested action",
  • "errorLink": "E0000006",
  • "errorId": "sampleNUSD_8fdkFd8fs8SDBK",
  • "errorCauses": [ ]
}
Activate a policy rule
API Access Management
OAuth 2.0 scopes: 
  • okta.authorizationServers.manage
Activates an authorization server policy rule


Request 
path Parameters
authServerId
required
string
id of the Authorization Server


 
 Example:  GeGRTEr7f3yu2n7grw22
policyId
required
string
id of the Policy


 
 Example:  00plrilJ7jZ66Gn0X0g3
ruleId
required
string
id of the policy rule


 
 Example:  ruld3hJ7jZh4fn0st0g3
Responses 
204
No Content


403
Forbidden


404
Not Found


429
Too Many Requests


post/api/v1/authorizationServers/{authServerId}/policies/{policyId}/rules/{ruleId}/lifecycle/activate
Request samples 
Response samples 
application/json
{
  • "errorCode": "E0000006",
  • "errorSummary": "You do not have permission to perform the requested action",
  • "errorLink": "E0000006",
  • "errorId": "sampleNUSD_8fdkFd8fs8SDBK",
  • "errorCauses": [ ]
}
Deactivate a policy rule
API Access Management
OAuth 2.0 scopes: 
  • okta.authorizationServers.manage
Deactivates an authorization server policy rule


Request 
path Parameters
authServerId
required
string
id of the Authorization Server


 
 Example:  GeGRTEr7f3yu2n7grw22
policyId
required
string
id of the Policy


 
 Example:  00plrilJ7jZ66Gn0X0g3
ruleId
required
string
id of the policy rule


 
 Example:  ruld3hJ7jZh4fn0st0g3
Responses 
204
No Content


403
Forbidden


404
Not Found


429
Too Many Requests


post/api/v1/authorizationServers/{authServerId}/policies/{policyId}/rules/{ruleId}/lifecycle/deactivate
Request samples 
Response samples 
application/json
{
  • "errorCode": "E0000006",
  • "errorSummary": "You do not have permission to perform the requested action",
  • "errorLink": "E0000006",
  • "errorId": "sampleNUSD_8fdkFd8fs8SDBK",
  • "errorCauses": [ ]
}