grants
Creates, updates, deletes, gets or lists a grants resource.
Overview
| Name | grants |
| Type | Resource |
| Id | okta.apps.grants |
Fields
The following fields are returned by SELECT queries:
- list_scope_consent_grants
- get_scope_consent_grant
| Name | Datatype | Description |
|---|---|---|
id | string | ID of the Grant object (example: oag3ih1zrm1cBFOiq0h6) |
_embedded | object | Embedded resources related to the Grant |
_links | object | Specifies link relations (see Web Linking) available using the JSON Hypertext Application Language specification. This object is used for dynamic discovery of related resources and lifecycle operations. |
clientId | string | Client ID of the app integration (example: oag3ih1zrm1cBFOiq0h6) |
created | string (date-time) | Timestamp when the object was created (example: 2017-03-28T01:11:10.000Z) |
createdBy | object | User that created the object |
issuer | string | The issuer of your org authorization server. This is typically your Okta domain. (example: https://my_test_okta_org.oktapreview.com) |
lastUpdated | string (date-time) | Timestamp when the object was last updated |
scopeId | string | The name of the Okta scope for which consent is granted (example: okta.users.read) |
source | string | User type source that granted consent (example: ADMIN) |
status | string | Status (example: ACTIVE) |
userId | string | User ID that granted consent (if source is END_USER) (example: 00u5t60iloOHN9pBi0h7) |
| Name | Datatype | Description |
|---|---|---|
id | string | ID of the Grant object (example: oag3ih1zrm1cBFOiq0h6) |
_embedded | object | Embedded resources related to the Grant |
_links | object | Specifies link relations (see Web Linking) available using the JSON Hypertext Application Language specification. This object is used for dynamic discovery of related resources and lifecycle operations. |
clientId | string | Client ID of the app integration (example: oag3ih1zrm1cBFOiq0h6) |
created | string (date-time) | Timestamp when the object was created (example: 2017-03-28T01:11:10.000Z) |
createdBy | object | User that created the object |
issuer | string | The issuer of your org authorization server. This is typically your Okta domain. (example: https://my_test_okta_org.oktapreview.com) |
lastUpdated | string (date-time) | Timestamp when the object was last updated |
scopeId | string | The name of the Okta scope for which consent is granted (example: okta.users.read) |
source | string | User type source that granted consent (example: ADMIN) |
status | string | Status (example: ACTIVE) |
userId | string | User ID that granted consent (if source is END_USER) (example: 00u5t60iloOHN9pBi0h7) |
Methods
The following methods are available for this resource:
| Name | Accessible by | Required Params | Optional Params | Description |
|---|---|---|---|---|
list_scope_consent_grants | select | subdomain | expand | Lists all scope consent Grants for the app |
get_scope_consent_grant | select | subdomain | expand | Retrieves a single scope consent Grant object for the app |
grant_consent_to_scope | insert | subdomain, data__issuer, data__scopeId | Grants consent for the app to request an OAuth 2.0 Okta scope | |
revoke_scope_consent_grant | delete | subdomain | Revokes permission for the app to grant the given scope |
Parameters
Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.
| Name | Datatype | Description |
|---|---|---|
subdomain | string | The domain of your organization. This can be a provided subdomain of an official okta domain (okta.com, oktapreview.com, etc) or one of your configured custom domains. (default: my-org) |
expand | string | An optional parameter to return scope details in the _embedded property. Valid value: scope |
SELECT examples
- list_scope_consent_grants
- get_scope_consent_grant
Lists all scope consent Grants for the app
SELECT
id,
_embedded,
_links,
clientId,
created,
createdBy,
issuer,
lastUpdated,
scopeId,
source,
status,
userId
FROM okta.apps.grants
WHERE subdomain = '{{ subdomain }}' -- required
AND expand = '{{ expand }}';
Retrieves a single scope consent Grant object for the app
SELECT
id,
_embedded,
_links,
clientId,
created,
createdBy,
issuer,
lastUpdated,
scopeId,
source,
status,
userId
FROM okta.apps.grants
WHERE subdomain = '{{ subdomain }}' -- required
AND expand = '{{ expand }}';
INSERT examples
- grant_consent_to_scope
- Manifest
Grants consent for the app to request an OAuth 2.0 Okta scope
INSERT INTO okta.apps.grants (
data__issuer,
data__scopeId,
subdomain
)
SELECT
'{{ issuer }}' --required,
'{{ scopeId }}' --required,
'{{ subdomain }}'
RETURNING
id,
_embedded,
_links,
clientId,
created,
createdBy,
issuer,
lastUpdated,
scopeId,
source,
status,
userId
;
# Description fields are for documentation purposes
- name: grants
props:
- name: subdomain
value: string
description: Required parameter for the grants resource.
- name: issuer
value: string
description: >
The issuer of your org authorization server. This is typically your Okta domain.
- name: scopeId
value: string
description: >
The name of the [Okta scope](https://developer.okta.com/docs/api/oauth2/#oauth-20-scopes) for which consent is granted
DELETE examples
- revoke_scope_consent_grant
Revokes permission for the app to grant the given scope
DELETE FROM okta.apps.grants
WHERE subdomain = '{{ subdomain }}' --required;