client_roles
Creates, updates, deletes, gets or lists a client_roles resource.
Overview
| Name | client_roles |
| Type | Resource |
| Id | okta.oauth2.client_roles |
Fields
The following fields are returned by SELECT queries:
- list_roles_for_client
- retrieve_client_role
| Name | Datatype | Description |
|---|
| Name | Datatype | Description |
|---|
Methods
The following methods are available for this resource:
| Name | Accessible by | Required Params | Optional Params | Description |
|---|---|---|---|---|
list_roles_for_client | select | subdomain | Lists all roles assigned to a client app identified by clientId | |
retrieve_client_role | select | subdomain | Retrieves a role assignment (identified by roleAssignmentId) for a client app (identified by clientId) | |
assign_role_to_client | insert | subdomain | Assigns a standard role to a client app. You can also assign a custom role to a client app, but the preferred method to assign a custom role to a client is to create a binding between the custom role, the resource set, and the client app. See Create a role resource set binding. > Notes: > * The request payload is different for standard and custom role assignments. > * For IAM-based standard role assignments, use the request payload for standard roles. However, the response payload for IAM-based role assignments is similar to the custom role's assignment response. | |
delete_role_from_client | delete | subdomain | Unassigns a role assignment (identified by roleAssignmentId) from a client app (identified by clientId) |
Parameters
Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.
| Name | Datatype | Description |
|---|---|---|
subdomain | string | The domain of your organization. This can be a provided subdomain of an official okta domain (okta.com, oktapreview.com, etc) or one of your configured custom domains. (default: my-org) |
SELECT examples
- list_roles_for_client
- retrieve_client_role
Lists all roles assigned to a client app identified by clientId
SELECT
*
FROM okta.oauth2.client_roles
WHERE subdomain = '{{ subdomain }}' -- required
;
Retrieves a role assignment (identified by roleAssignmentId) for a client app (identified by clientId)
SELECT
*
FROM okta.oauth2.client_roles
WHERE subdomain = '{{ subdomain }}' -- required
;
INSERT examples
- assign_role_to_client
- Manifest
Assigns a standard role to a client app.
You can also assign a custom role to a client app, but the preferred method to assign a custom role to a client is to create a binding between the custom role, the resource set, and the client app. See Create a role resource set binding.
> Notes:
> * The request payload is different for standard and custom role assignments.
> * For IAM-based standard role assignments, use the request payload for standard roles. However, the response payload for IAM-based role assignments is similar to the custom role's assignment response.
INSERT INTO okta.oauth2.client_roles (
subdomain
)
SELECT
'{{ subdomain }}'
;
# Description fields are for documentation purposes
- name: client_roles
props:
- name: subdomain
value: string
description: Required parameter for the client_roles resource.
DELETE examples
- delete_role_from_client
Unassigns a role assignment (identified by roleAssignmentId) from a client app (identified by clientId)
DELETE FROM okta.oauth2.client_roles
WHERE subdomain = '{{ subdomain }}' --required
;