The User Grants API provides operations to manage user consent Grants in your org.
A consent represents a user's explicit permission to allow an app to access resources protected by scopes. Consent grants are different from tokens because a consent can outlast a token, and there can be multiple tokens with varying sets of scopes derived from a single consent. When an application comes back and needs to get a new access token, it may not need to prompt the user for consent if they've already consented to the specified scopes. Consent grants remain valid until the user manually revokes them, or until the user, application, authorization server or scope is deactivated or deleted.
Hint: For all grant operations, you can use me instead of the userId in an endpoint that contains /users, in an active session with no SSWS token (API token). For example: https://${yourOktaDomain}/api/v1/users/me/grants returns all the grants for the active session user.
Note: Some browsers have begun blocking third-party cookies by default, disrupting Okta functionality in certain flows. For more information, see FAQ: How Blocking Third Party Cookies Can Potentially Impact Your Okta Environment.
okta.users.read
Lists all Grants for a specified User and client
expand | string Valid value: |
after | string The cursor to use for pagination. It is an opaque string that specifies your current location in the list and is obtained from the |
limit | integer <int32> [ 1 .. 200 ] Default: 20 Specifies the number of tokens to return |
Success
Forbidden
Not Found
Too Many Requests
[
  {
    "clientId": "oag3ih1zrm1cBFOiq0h6",
    "created": "2017-03-28T01:11:10.000Z",
    "createdBy": {
      "id": "00u5t60iloOHN9pBi0h7",
      "type": "User"
    },
    "id": "oag3ih1zrm1cBFOiq0h6",
    "lastUpdated": "2019-08-24T14:15:22Z",
    "scopeId": "okta.users.read",
    "source": "ADMIN",
    "status": "ACTIVE",
    "userId": "00u5t60iloOHN9pBi0h7",
    "_embedded": {
      "scope": {
        "id": "okta.users.read"
      }
    },
    "_links": {
      "self": {
        "hints": {
          "allow": [
            "DELETE"
          ]
        },
        "href": "string",
        "name": "string",
        "templated": true,
        "type": "string"
      },
      "scope": {
        "title": "My phone"
      },
      "user": {
        "title": "SAML Jackson"
      },
      "authorizationServer": {
        "title": "Example Authorization Server"
      }
    }
  }
]
okta.users.manage
Revokes all Grants for the specified User and client
No Content
Forbidden
Not Found
Too Many Requests
{
  "errorCode": "E0000006",
  "errorSummary": "You do not have permission to perform the requested action",
  "errorLink": "E0000006",
  "errorId": "sampleNUSD_8fdkFd8fs8SDBK",
  "errorCauses": []
}
okta.users.read
Lists all Grants for the specified user
scopeId | string The scope ID to filter on |
expand | string Valid value: Example: expand=scope |
after | string The cursor to use for pagination. It is an opaque string that specifies your current location in the list and is obtained from the |
limit | integer <int32> [ 1 .. 200 ] Default: 20 Specifies the number of grants to return |
Success
Forbidden
Not Found
Too Many Requests
[
  {
    "clientId": "oag3ih1zrm1cBFOiq0h6",
    "created": "2017-03-28T01:11:10.000Z",
    "createdBy": {
      "id": "00u5t60iloOHN9pBi0h7",
      "type": "User"
    },
    "id": "oag3ih1zrm1cBFOiq0h6",
    "lastUpdated": "2019-08-24T14:15:22Z",
    "scopeId": "okta.users.read",
    "source": "ADMIN",
    "status": "ACTIVE",
    "userId": "00u5t60iloOHN9pBi0h7",
    "_embedded": {
      "scope": {
        "id": "okta.users.read"
      }
    },
    "_links": {
      "self": {
        "hints": {
          "allow": [
            "DELETE"
          ]
        },
        "href": "string",
        "name": "string",
        "templated": true,
        "type": "string"
      },
      "scope": {
        "title": "My phone"
      },
      "user": {
        "title": "SAML Jackson"
      },
      "authorizationServer": {
        "title": "Example Authorization Server"
      }
    }
  }
]
okta.users.manage
Revokes all Grants for a specified User
No Content
Forbidden
Not Found
Too Many Requests
{
  "errorCode": "E0000006",
  "errorSummary": "You do not have permission to perform the requested action",
  "errorLink": "E0000006",
  "errorId": "sampleNUSD_8fdkFd8fs8SDBK",
  "errorCauses": []
}
okta.users.read
Retrieves a Grant for the specified User
Success
Forbidden
Not Found
Too Many Requests
{
  "clientId": "oag3ih1zrm1cBFOiq0h6",
  "created": "2017-03-28T01:11:10.000Z",
  "createdBy": {
    "id": "00u5t60iloOHN9pBi0h7",
    "type": "User"
  },
  "id": "oag3ih1zrm1cBFOiq0h6",
  "lastUpdated": "2019-08-24T14:15:22Z",
  "scopeId": "okta.users.read",
  "source": "ADMIN",
  "status": "ACTIVE",
  "userId": "00u5t60iloOHN9pBi0h7",
  "_embedded": {
    "scope": {
      "id": "okta.users.read"
    }
  },
  "_links": {
    "self": {
      "hints": {
        "allow": [
          "DELETE"
        ]
      },
      "href": "string",
      "name": "string",
      "templated": true,
      "type": "string"
    },
    "scope": {
      "title": "My phone"
    },
    "user": {
      "title": "SAML Jackson"
    },
    "authorizationServer": {
      "title": "Example Authorization Server"
    }
  }
}
okta.users.manage
Revokes one Grant for a specified User
No Content
Forbidden
Not Found
Too Many Requests
{
  "errorCode": "E0000006",
  "errorSummary": "You do not have permission to perform the requested action",
  "errorLink": "E0000006",
  "errorId": "sampleNUSD_8fdkFd8fs8SDBK",
  "errorCauses": []
}
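Because a consent grant stays valid until it is revoked, a periodic review of the list response is worthwhile. The following is an added example, not part of the Okta reference: it takes grant objects in the shape shown above and flags active grants that are older than a chosen age or whose scope is not on an allowlist. The sample grants, the age threshold, the allowlist and the per-grant revoke path are assumptions made for illustration.

```python
from datetime import datetime, timezone

# Constructed sample data in the shape of the grant objects shown on this page.
SAMPLE_GRANTS = [
    {"id": "oagSAMPLE0001", "clientId": "0oaSAMPLEcrm", "userId": "00uSAMPLEuser",
     "scopeId": "okta.users.read", "status": "ACTIVE",
     "created": "2017-03-28T01:11:10.000Z"},
    {"id": "oagSAMPLE0002", "clientId": "0oaSAMPLEcrm", "userId": "00uSAMPLEuser",
     "scopeId": "okta.users.manage", "status": "ACTIVE",
     "created": "2024-05-01T09:00:00Z"},
    {"id": "oagSAMPLE0003", "clientId": "0oaSAMPLEwiki", "userId": "00uSAMPLEuser",
     "scopeId": "okta.users.read", "status": "ACTIVE",
     "created": "2024-05-20T12:30:00.000Z"},
]


def parse_ts(value):
    """Parse the timestamp forms in the samples (with or without milliseconds)."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def review_grants(grants, now, max_age_days, allowed_scopes):
    """Return one finding per active grant that is too old or off the allowlist."""
    findings = []
    for grant in grants:
        if grant.get("status") != "ACTIVE":
            continue  # only grants that are still in force are of interest
        reasons = []
        age_days = (now - parse_ts(grant["created"])).days
        if age_days > max_age_days:
            reasons.append(f"consent is {age_days} days old")
        if grant["scopeId"] not in allowed_scopes:
            reasons.append(f"scope {grant['scopeId']} is not on the allowlist")
        if reasons:
            findings.append({
                "grantId": grant["id"],
                "clientId": grant["clientId"],
                "reasons": reasons,
                # Assumed per-grant path: the user's grants URL plus the grant ID.
                "revoke": f"DELETE /api/v1/users/{grant['userId']}/grants/{grant['id']}",
            })
    return findings


if __name__ == "__main__":
    now = datetime(2024, 6, 1, tzinfo=timezone.utc)  # fixed date for a repeatable run
    for f in review_grants(SAMPLE_GRANTS, now, 365, {"okta.users.read"}):
        print(f["clientId"], f["grantId"], "; ".join(f["reasons"]), "->", f["revoke"])
```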