refresh_tokens
Creates, updates, deletes, gets or lists a refresh_tokens resource.
Overview
| Name | refresh_tokens |
| Type | Resource |
| Id | okta.authorizationservers.refresh_tokens |
Fields
The following fields are returned by SELECT queries:
- list_refresh_tokens_for_authorization_server_and_client
- get_refresh_token_for_authorization_server_and_client
| Name | Datatype | Description |
|---|---|---|
id | string | ID of the Token object (example: oar579Mcp7OUsNTlo0g3) |
_embedded | object | The embedded resources related to the object if the expand query parameter is specified |
_links | object | Specifies link relations (see Web Linking) available using the JSON Hypertext Application Language specification. This object is used for dynamic discovery of related resources and lifecycle operations. |
clientId | string | Client ID |
created | string (date-time) | Timestamp when the object was created (example: 2017-03-28T01:11:10.000Z) |
expiresAt | string (date-time) | Expiration time of the OAuth 2.0 Token |
issuer | string | The complete URL of the authorization server that issued the Token (example: https://{yourOktaDomain}/oauth2/ausain6z9zIedDCxB0h7) |
lastUpdated | string (date-time) | Timestamp when the object was last updated |
scopes | array | The scope names attached to the Token |
status | string | Status (example: ACTIVE) |
userId | string | The ID of the user associated with the Token (example: 00u5t60iloOHN9pBi0h7) |
| Name | Datatype | Description |
|---|---|---|
id | string | ID of the Token object (example: oar579Mcp7OUsNTlo0g3) |
_embedded | object | The embedded resources related to the object if the expand query parameter is specified |
_links | object | Specifies link relations (see Web Linking) available using the JSON Hypertext Application Language specification. This object is used for dynamic discovery of related resources and lifecycle operations. |
clientId | string | Client ID |
created | string (date-time) | Timestamp when the object was created (example: 2017-03-28T01:11:10.000Z) |
expiresAt | string (date-time) | Expiration time of the OAuth 2.0 Token |
issuer | string | The complete URL of the authorization server that issued the Token (example: https://{yourOktaDomain}/oauth2/ausain6z9zIedDCxB0h7) |
lastUpdated | string (date-time) | Timestamp when the object was last updated |
scopes | array | The scope names attached to the Token |
status | string | Status (example: ACTIVE) |
userId | string | The ID of the user associated with the Token (example: 00u5t60iloOHN9pBi0h7) |
Methods
The following methods are available for this resource:
| Name | Accessible by | Required Params | Optional Params | Description |
|---|---|---|---|---|
list_refresh_tokens_for_authorization_server_and_client | select | subdomain | expand, after, limit | Lists all refresh tokens issued by an authorization server for a specific Client |
get_refresh_token_for_authorization_server_and_client | select | subdomain | expand | Retrieves a refresh token for a Client |
revoke_refresh_tokens_for_authorization_server_and_client | delete | subdomain | Revokes all refresh tokens for a Client | |
revoke_refresh_token_for_authorization_server_and_client | delete | subdomain | Revokes a refresh token for a Client |
Parameters
Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.
| Name | Datatype | Description |
|---|---|---|
subdomain | string | The domain of your organization. This can be a provided subdomain of an official okta domain (okta.com, oktapreview.com, etc) or one of your configured custom domains. (default: my-org) |
after | string | Specifies the pagination cursor for the next page of tokens |
expand | string | Valid value: scope. If specified, scope details are included in the _embedded attribute. |
limit | integer (int32) | The maximum number of tokens to return (maximum 200) |
SELECT examples
- list_refresh_tokens_for_authorization_server_and_client
- get_refresh_token_for_authorization_server_and_client
Lists all refresh tokens issued by an authorization server for a specific Client
SELECT
id,
_embedded,
_links,
clientId,
created,
expiresAt,
issuer,
lastUpdated,
scopes,
status,
userId
FROM okta.authorizationservers.refresh_tokens
WHERE subdomain = '{{ subdomain }}' -- required
AND expand = '{{ expand }}'
AND after = '{{ after }}'
AND limit = '{{ limit }}';
Retrieves a refresh token for a Client
SELECT
id,
_embedded,
_links,
clientId,
created,
expiresAt,
issuer,
lastUpdated,
scopes,
status,
userId
FROM okta.authorizationservers.refresh_tokens
WHERE subdomain = '{{ subdomain }}' -- required
AND expand = '{{ expand }}';
DELETE examples
- revoke_refresh_tokens_for_authorization_server_and_client
- revoke_refresh_token_for_authorization_server_and_client
Revokes all refresh tokens for a Client
DELETE FROM okta.authorizationservers.refresh_tokens
WHERE subdomain = '{{ subdomain }}' --required;
Revokes a refresh token for a Client
DELETE FROM okta.authorizationservers.refresh_tokens
WHERE subdomain = '{{ subdomain }}' --required;