tokens
Creates, updates, deletes, gets or lists a tokens resource.
Overview
| Name | tokens |
| Type | Resource |
| Id | okta.apps.tokens |
Fields
The following fields are returned by SELECT queries:
- list_oauth2_tokens_for_application
- get_oauth2_token_for_application
| Name | Datatype | Description |
|---|---|---|
id | string | ID of the Token object (example: oar579Mcp7OUsNTlo0g3) |
_embedded | object | The embedded resources related to the object if the expand query parameter is specified |
_links | object | Specifies link relations (see Web Linking) available using the JSON Hypertext Application Language specification. This object is used for dynamic discovery of related resources and lifecycle operations. |
clientId | string | Client ID |
created | string (date-time) | Timestamp when the object was created (example: 2017-03-28T01:11:10.000Z) |
expiresAt | string (date-time) | Expiration time of the OAuth 2.0 Token |
issuer | string | The complete URL of the authorization server that issued the Token (example: https://{yourOktaDomain}/oauth2/ausain6z9zIedDCxB0h7) |
lastUpdated | string (date-time) | Timestamp when the object was last updated |
scopes | array | The scope names attached to the Token |
status | string | Status (example: ACTIVE) |
userId | string | The ID of the user associated with the Token (example: 00u5t60iloOHN9pBi0h7) |
| Name | Datatype | Description |
|---|---|---|
id | string | ID of the Token object (example: oar579Mcp7OUsNTlo0g3) |
_embedded | object | The embedded resources related to the object if the expand query parameter is specified |
_links | object | Specifies link relations (see Web Linking) available using the JSON Hypertext Application Language specification. This object is used for dynamic discovery of related resources and lifecycle operations. |
clientId | string | Client ID |
created | string (date-time) | Timestamp when the object was created (example: 2017-03-28T01:11:10.000Z) |
expiresAt | string (date-time) | Expiration time of the OAuth 2.0 Token |
issuer | string | The complete URL of the authorization server that issued the Token (example: https://{yourOktaDomain}/oauth2/ausain6z9zIedDCxB0h7) |
lastUpdated | string (date-time) | Timestamp when the object was last updated |
scopes | array | The scope names attached to the Token |
status | string | Status (example: ACTIVE) |
userId | string | The ID of the user associated with the Token (example: 00u5t60iloOHN9pBi0h7) |
Methods
The following methods are available for this resource:
| Name | Accessible by | Required Params | Optional Params | Description |
|---|---|---|---|---|
list_oauth2_tokens_for_application | select | subdomain | expand, after, limit | Lists all refresh tokens for an app > Note: The results are [paginated]https://developer.okta.com/docs/api#pagination according to the limit parameter.> If there are multiple pages of results, the Link header contains a next link that you need to use as an opaque value (follow it, don't parse it). |
get_oauth2_token_for_application | select | subdomain | expand | Retrieves a refresh token for the specified app |
revoke_oauth2_tokens_for_application | delete | subdomain | Revokes all OAuth 2.0 refresh tokens for the specified app. Any access tokens issued with these refresh tokens are also revoked, but access tokens issued without a refresh token aren't affected. | |
revoke_oauth2_token_for_application | delete | subdomain | Revokes the specified token for the specified app |
Parameters
Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.
| Name | Datatype | Description |
|---|---|---|
subdomain | string | The domain of your organization. This can be a provided subdomain of an official okta domain (okta.com, oktapreview.com, etc) or one of your configured custom domains. (default: my-org) |
after | string | Specifies the pagination cursor for the next page of results. Treat this as an opaque value obtained through the next link relationship. See [Pagination]https://developer.okta.com/docs/api#pagination. |
expand | string | An optional parameter to return scope details in the _embedded property. Valid value: scope |
limit | integer | A limit on the number of objects to return |
SELECT examples
- list_oauth2_tokens_for_application
- get_oauth2_token_for_application
Lists all refresh tokens for an app
> Note: The results are [paginated]https://developer.okta.com/docs/api#pagination according to the limit parameter.
> If there are multiple pages of results, the Link header contains a next link that you need to use as an opaque value (follow it, don't parse it).
SELECT
id,
_embedded,
_links,
clientId,
created,
expiresAt,
issuer,
lastUpdated,
scopes,
status,
userId
FROM okta.apps.tokens
WHERE subdomain = '{{ subdomain }}' -- required
AND expand = '{{ expand }}'
AND after = '{{ after }}'
AND limit = '{{ limit }}';
Retrieves a refresh token for the specified app
SELECT
id,
_embedded,
_links,
clientId,
created,
expiresAt,
issuer,
lastUpdated,
scopes,
status,
userId
FROM okta.apps.tokens
WHERE subdomain = '{{ subdomain }}' -- required
AND expand = '{{ expand }}';
DELETE examples
- revoke_oauth2_tokens_for_application
- revoke_oauth2_token_for_application
Revokes all OAuth 2.0 refresh tokens for the specified app. Any access tokens issued with these refresh tokens are also revoked, but access tokens issued without a refresh token aren't affected.
DELETE FROM okta.apps.tokens
WHERE subdomain = '{{ subdomain }}' --required;
Revokes the specified token for the specified app
DELETE FROM okta.apps.tokens
WHERE subdomain = '{{ subdomain }}' --required;