APIs for managing OAuth 2.0 authorization grants
There are two API endpoints that are available to manage a user/s grants. These endpoints are useful for building an SPA or custom USC.
- The first endpoint allows listing all of a user's grants.
- Issue a HTTP GET to: http://server.oauth.com/mga/sps/mga/user/mgmt/grant.
The API responds
with:
{ "grants": [ { "id": "uuid8f63b7ee-0169-1c05-a78c-af253b6a2308", "isEnabled": true, "clientId": "client1", "tokens": [ { "type": "authorization_grant", "subType": "refresh_token", "dateCreated": "2019-03-18T06:01:11Z", "lifetime": 604799, "lastUsed": "2019-03-18T06:01:11Z", "scope": "openid,email" } ], "attributes": [ { "name": "attribute1", "readonly": false, "sensitive": false, "value": "123" }, { "name": "attribute2", "readonly": false, "sensitive": false, "value": "456" } ], "clientName": "client1" }, ... ], "username": "testuser" }
- The second endpoint allows operations on a per grant basis. This endpoint requires the grant-id to be known, the API documented above includes the grantId.
- To use this endpoint, issue a HTTP GET to:
http://server.oauth.com/mga/sps/mga/user/mgmt/grant/{grantId}. The API
responds with the
grant:
{ "id": "uuid8f63b7ee-0169-1c05-a78c-af253b6a2308", "isEnabled": true, "clientId": "client1", "tokens": [ { "type": "authorization_grant", "subType": "refresh_token", "dateCreated": "2019-03-18T06:01:11Z", "lifetime": 604799, "lastUsed": "2019-03-18T06:01:11Z", "scope": "openid,email" } ], "attributes": [ { "name": "attribute1", "readonly": false, "sensitive": false, "value": "123" }, { "name": "attribute2", "readonly": false, "sensitive": false, "value": "456" } ], "clientName": "client1" }
This endpoint also supports a HTTP DELETE to remove a grant. Issue a HTTP delete to http://server.oauth.com/mga/sps/mga/user/mgmt/grant/{grantId}.
The attributes can also be updated when they are not read-only. Issue a HTTP PUT to http://server.oauth.com/mga/sps/mga/user/mgmt/grant/{grantId} , with the body:{ "isEnabled": true, "attributes": [ { "name": "attribute1", "value": "newvalue1" }, { "name": "attribute2", "value": "newvalue2" } ] }