Authorization Server Scopes

Provides operations to manage custom token scopes for the given authServerId and scopeId. See scope properties.

List all custom token scopes
API Access Management
OAuth 2.0 scopes:
  • okta.authorizationServers.read

Lists all custom token scopes

Request
path Parameters
authServerId
required
string

id of the Authorization Server

Example: GeGRTEr7f3yu2n7grw22
query Parameters
q
string

Searches the name of Custom Token Scopes for matching values

filter
string

Filter expression for Custom Token Scopes

after
string

Specifies the pagination cursor for the next page of scopes. Treat the after cursor as an opaque value and obtain it through the next link relationship. See Pagination.

limit
integer <= 200

Specifies the number of objects to return per page. If there are multiple pages of results, the Link header contains a next link that you need to use as an opaque value (follow it, don't parse it). See Pagination.

Responses
200

Success

403

Forbidden

404

Not Found

429

Too Many Requests

get/api/v1/authorizationServers/{authServerId}/scopes
Request samples 
Response samples 
application/json
[]
Create a custom token scope
API Access Management
OAuth 2.0 scopes: 
  • okta.authorizationServers.manage
Creates a custom token scope


Request 
path Parameters
authServerId
required
string
id of the Authorization Server


 
 Example:  GeGRTEr7f3yu2n7grw22
Request Body schema: application/json
required
name
required
string
Scope name


 
consent
string (OAuth2ScopeConsentType) 
 Default:  "IMPLICIT"
Indicates whether a consent dialog is needed for the Scope


 Enum: "FLEXIBLE" "IMPLICIT" "REQUIRED"  
default
boolean
 Default:  false
Indicates if this Scope is a default scope


 
description
string
Description of the Scope


 
displayName
string
Name of the end user displayed in a consent dialog


 
metadataPublish
string (OAuth2ScopeMetadataPublish) 
 Default:  "NO_CLIENTS"
Indicates whether the Scope is included in the metadata


 Enum: "ALL_CLIENTS" "NO_CLIENTS"  
optional
boolean
 Default:  false
Indicates whether the Scope is optional. When set to true, the user can skip consent for the scope.


 
system
boolean
 Default:  false
Indicates if Okta created the Scope


 
Responses 
201
Success


400
Bad Request


403
Forbidden


404
Not Found


429
Too Many Requests


post/api/v1/authorizationServers/{authServerId}/scopes
Request samples 
application/json
{
  • "name": "car:drive",
  • "description": "Drive car",
  • "consent": "REQUIRED",
  • "displayName": "Saml Jackson"
}
Response samples 
application/json
{}
Retrieve a custom token scope
API Access Management
OAuth 2.0 scopes: 
  • okta.authorizationServers.read
Retrieves a custom token scope


Request 
path Parameters
authServerId
required
string
id of the Authorization Server


 
 Example:  GeGRTEr7f3yu2n7grw22
scopeId
required
string
id of Scope


 
 Example:  0TMRpCWXRKFjP7HiPFNM
Responses 
200
Success


403
Forbidden


404
Not Found


429
Too Many Requests


get/api/v1/authorizationServers/{authServerId}/scopes/{scopeId}
Request samples 
Response samples 
application/json
{}
Replace a custom token scope
API Access Management
OAuth 2.0 scopes: 
  • okta.authorizationServers.manage
Replaces a custom token scope


Request 
path Parameters
authServerId
required
string
id of the Authorization Server


 
 Example:  GeGRTEr7f3yu2n7grw22
scopeId
required
string
id of Scope


 
 Example:  0TMRpCWXRKFjP7HiPFNM
Request Body schema: application/json
required
name
required
string
Scope name


 
consent
string (OAuth2ScopeConsentType) 
 Default:  "IMPLICIT"
Indicates whether a consent dialog is needed for the Scope


 Enum: "FLEXIBLE" "IMPLICIT" "REQUIRED"  
default
boolean
 Default:  false
Indicates if this Scope is a default scope


 
description
string
Description of the Scope


 
displayName
string
Name of the end user displayed in a consent dialog


 
metadataPublish
string (OAuth2ScopeMetadataPublish) 
 Default:  "NO_CLIENTS"
Indicates whether the Scope is included in the metadata


 Enum: "ALL_CLIENTS" "NO_CLIENTS"  
optional
boolean
 Default:  false
Indicates whether the Scope is optional. When set to true, the user can skip consent for the scope.


 
system
boolean
 Default:  false
Indicates if Okta created the Scope


 
Responses 
200
Success


400
Bad Request


403
Forbidden


404
Not Found


429
Too Many Requests


put/api/v1/authorizationServers/{authServerId}/scopes/{scopeId}
Request samples 
application/json
{
  • "description": "Order car",
  • "name": "car:order",
  • "metadataPublish": "ALL_CLIENTS"
}
Response samples 
application/json
{}
Delete a custom token scope
API Access Management
OAuth 2.0 scopes: 
  • okta.authorizationServers.manage
Deletes a custom token scope


Request 
path Parameters
authServerId
required
string
id of the Authorization Server


 
 Example:  GeGRTEr7f3yu2n7grw22
scopeId
required
string
id of Scope


 
 Example:  0TMRpCWXRKFjP7HiPFNM
Responses 
204
No Content


403
Forbidden


404
Not Found


429
Too Many Requests


delete/api/v1/authorizationServers/{authServerId}/scopes/{scopeId}
Request samples 
Response samples 
application/json
{
  • "errorCode": "E0000006",
  • "errorSummary": "You do not have permission to perform the requested action",
  • "errorLink": "E0000006",
  • "errorId": "sampleNUSD_8fdkFd8fs8SDBK",
  • "errorCauses": [ ]
}