Client Role Assignments

The Client Role Assignments APIs allow you to assign roles and designate third-party admin status to public client apps.

List all Client Role Assignments
OAuth 2.0: okta.roles.read

Lists all roles assigned to a Client Application identified by clientId.

Request
Path parameters
clientId (string, required): client_id of the app
Example: 52Uy4BUWVBOjFItcg2jWsmnd83Ad8dD

Responses
200: Success
403: Forbidden
404: Not Found
429: Too Many Requests

GET /oauth2/v1/clients/{clientId}/roles

Response samples
application/json
[]

Assign a Client Role
OAuth 2.0: okta.roles.manage

Assigns a standard role to a Client Application.

You can also assign a custom role to a Client Application, but the preferred method to assign a custom role to a client is to create a binding between the Custom Role, the Resource Set, and the Client Application. See Create a Role Resource Set Binding.

Notes:

  • The request payload is different for standard and custom role assignments.
  • For IAM-based standard role assignments, use the request payload for standard roles. However, the response payload for IAM-based role assignments is similar to the custom role's assignment response.
Request
Path parameters
clientId (string, required): client_id of the app
Example: 52Uy4BUWVBOjFItcg2jWsmnd83Ad8dD

Request Body schema: application/json (required)
One of:
type (string): Specify the standard or IAM-based role type. See standard roles.

Responses
200: Success
403: Forbidden
404: Not Found
429: Too Many Requests

POST /oauth2/v1/clients/{clientId}/roles

Request samples
application/json
{
  "type": "HELP_DESK_ADMIN"
}

Response samples
application/json
{}

Retrieve a Client Role
OAuth 2.0: okta.roles.read

Retrieves a Role Assignment (identified by roleAssignmentId) for a Client Application (identified by clientId).

Request
Path parameters
clientId (string, required): client_id of the app
Example: 52Uy4BUWVBOjFItcg2jWsmnd83Ad8dD
roleAssignmentId (string, required): The id of the Role Assignment
Example: JBCUYUC7IRCVGS27IFCE2SKO

Responses
200: Success
403: Forbidden
404: Not Found
429: Too Many Requests

GET /oauth2/v1/clients/{clientId}/roles/{roleAssignmentId}

Response samples
application/json
{}

Unassign a Client Role
OAuth 2.0: okta.roles.manage

Unassigns a Role Assignment (identified by roleAssignmentId) from a Client Application (identified by clientId).

Request
Path parameters
clientId (string, required): client_id of the app
Example: 52Uy4BUWVBOjFItcg2jWsmnd83Ad8dD
roleAssignmentId (string, required): The id of the Role Assignment
Example: JBCUYUC7IRCVGS27IFCE2SKO

Responses
204: No Content
403: Forbidden
404: Not Found
429: Too Many Requests

DELETE /oauth2/v1/clients/{clientId}/roles/{roleAssignmentId}

Response samples
application/json
{
  "errorCode": "E0000006",
  "errorSummary": "You do not have permission to perform the requested action",
  "errorLink": "E0000006",
  "errorId": "sampleNUSD_8fdkFd8fs8SDBK",
  "errorCauses": [ ]
}
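
Added example (not from the Okta documentation): a least-privilege audit that uses the List endpoint above to find role assignments outside an allow-list, then plans the matching Unassign calls without sending them. It assumes each returned role object carries `id` and `type` fields and that requests use an OAuth 2.0 bearer token; `SUPER_ADMIN` is an Okta standard role type not shown on this page, and the sample response and the function names are constructed for illustration.

```python
import json
import urllib.error
import urllib.parse
import urllib.request

MANAGE_SCOPE = "okta.roles.manage"  # scope the page requires for unassign


def roles_path(client_id, role_assignment_id=None):
    """Build the documented path, percent-encoding both identifiers."""
    path = "/oauth2/v1/clients/%s/roles" % urllib.parse.quote(client_id, safe="")
    if role_assignment_id is not None:
        path += "/" + urllib.parse.quote(role_assignment_id, safe="")
    return path


def http_fetch(base_url, token):
    """Return fetch(path) that GETs JSON with an okta.roles.read bearer token."""
    hints = {403: "forbidden: check token scope", 404: "unknown clientId",
             429: "rate limited: back off and retry"}
    def fetch(path):
        req = urllib.request.Request(base_url.rstrip("/") + path, headers={
            "Authorization": "Bearer " + token, "Accept": "application/json"})
        try:
            with urllib.request.urlopen(req, timeout=10) as resp:
                return json.load(resp)
        except urllib.error.HTTPError as err:
            raise RuntimeError("%d %s" % (err.code, hints.get(err.code, err.reason))) from err
    return fetch


def audit_client_roles(client_id, allowed_types, fetch):
    """List the client's roles and plan an unassign for each type not allowed."""
    plans = []
    for role in fetch(roles_path(client_id)):
        if role.get("type") not in allowed_types:
            plans.append({"type": role.get("type"), "method": "DELETE",
                          "path": roles_path(client_id, role["id"]),
                          "scope": MANAGE_SCOPE})
    return plans


# Constructed sample of a List response; "id" and "type" fields are assumed.
SAMPLE = [{"id": "JBCUYUC7IRCVGS27IFCE2SKO", "type": "SUPER_ADMIN"},
          {"id": "constructed-assignment-2", "type": "HELP_DESK_ADMIN"}]
if __name__ == "__main__":
    cid = "52Uy4BUWVBOjFItcg2jWsmnd83Ad8dD"  # example clientId from the page
    for plan in audit_client_roles(cid, {"HELP_DESK_ADMIN"}, lambda path: SAMPLE):
        print(plan["method"], plan["path"], "needs", plan["scope"], "-", plan["type"])
```

To run the audit against an org, pass `http_fetch(base_url, token)` as the `fetch` argument in place of the constructed sample.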