oauth_tokens
Creates, updates, deletes, gets or lists an oauth_tokens resource.
Overview
| Name | oauth_tokens |
| Type | Resource |
| Id | okta.users.oauth_tokens |
Fields
The following fields are returned by SELECT queries:
- list_refresh_tokens_for_user_and_client
- get_refresh_token_for_user_and_client
| Name | Datatype | Description |
|---|---|---|
id | string | ID of the Token object (example: oar579Mcp7OUsNTlo0g3) |
_embedded | object | The embedded resources related to the object if the expand query parameter is specified |
_links | object | Specifies link relations (see Web Linking) available using the JSON Hypertext Application Language specification. This object is used for dynamic discovery of related resources and lifecycle operations. |
clientId | string | Client ID |
created | string (date-time) | Timestamp when the object was created (example: 2017-03-28T01:11:10.000Z) |
expiresAt | string (date-time) | Expiration time of the OAuth 2.0 Token |
issuer | string | The complete URL of the authorization server that issued the Token (example: https://{yourOktaDomain}/oauth2/ausain6z9zIedDCxB0h7) |
lastUpdated | string (date-time) | Timestamp when the object was last updated |
scopes | array | The scope names attached to the Token |
status | string | Status (example: ACTIVE) |
userId | string | The ID of the user associated with the Token (example: 00u5t60iloOHN9pBi0h7) |
| Name | Datatype | Description |
|---|---|---|
id | string | ID of the Token object (example: oar579Mcp7OUsNTlo0g3) |
_embedded | object | The embedded resources related to the object if the expand query parameter is specified |
_links | object | Specifies link relations (see Web Linking) available using the JSON Hypertext Application Language specification. This object is used for dynamic discovery of related resources and lifecycle operations. |
clientId | string | Client ID |
created | string (date-time) | Timestamp when the object was created (example: 2017-03-28T01:11:10.000Z) |
expiresAt | string (date-time) | Expiration time of the OAuth 2.0 Token |
issuer | string | The complete URL of the authorization server that issued the Token (example: https://{yourOktaDomain}/oauth2/ausain6z9zIedDCxB0h7) |
lastUpdated | string (date-time) | Timestamp when the object was last updated |
scopes | array | The scope names attached to the Token |
status | string | Status (example: ACTIVE) |
userId | string | The ID of the user associated with the Token (example: 00u5t60iloOHN9pBi0h7) |
Methods
The following methods are available for this resource:
| Name | Accessible by | Required Params | Optional Params | Description |
|---|---|---|---|---|
list_refresh_tokens_for_user_and_client | select | subdomain | expand, after, limit | Lists all refresh tokens issued for the specified user and client |
get_refresh_token_for_user_and_client | select | subdomain | expand | Retrieves a refresh token issued for the specified user and client |
revoke_tokens_for_user_and_client | delete | subdomain | Revokes all refresh tokens issued for the specified user and client | |
revoke_token_for_user_and_client | delete | subdomain | Revokes the specified refresh and access tokens |
Parameters
Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.
| Name | Datatype | Description |
|---|---|---|
subdomain | string | The domain of your organization. This can be a provided subdomain of an official okta domain (okta.com, oktapreview.com, etc) or one of your configured custom domains. (default: my-org) |
after | string | The cursor to use for pagination. It is an opaque string that specifies your current location in the list and is obtained from the Link response header. See Pagination. |
expand | string | Valid value: scope. If specified, scope details are included in the _embedded attribute. |
limit | integer (int32) | Specifies the number of tokens to return |
SELECT examples
- list_refresh_tokens_for_user_and_client
- get_refresh_token_for_user_and_client
Lists all refresh tokens issued for the specified user and client
SELECT
id,
_embedded,
_links,
clientId,
created,
expiresAt,
issuer,
lastUpdated,
scopes,
status,
userId
FROM okta.users.oauth_tokens
WHERE subdomain = '{{ subdomain }}' -- required
AND expand = '{{ expand }}'
AND after = '{{ after }}'
AND limit = '{{ limit }}';
Retrieves a refresh token issued for the specified user and client
SELECT
id,
_embedded,
_links,
clientId,
created,
expiresAt,
issuer,
lastUpdated,
scopes,
status,
userId
FROM okta.users.oauth_tokens
WHERE subdomain = '{{ subdomain }}' -- required
AND expand = '{{ expand }}';
DELETE examples
- revoke_tokens_for_user_and_client
- revoke_token_for_user_and_client
Revokes all refresh tokens issued for the specified user and client
DELETE FROM okta.users.oauth_tokens
WHERE subdomain = '{{ subdomain }}' --required;
Revokes the specified refresh and access tokens
DELETE FROM okta.users.oauth_tokens
WHERE subdomain = '{{ subdomain }}' --required;