APIs for managing OAuth 2.0 authorization grants

There are two API endpoints available to manage a user/s grants. These endpoints are useful for building an SPA or custom USC.

The first endpoint allows listing all of a user's grants.

Issue a HTTP GET to: http://server.oauth.com/mga/sps/mga/user/mgmt/grant. The API responds with:

{
  "grants": [
    {
      "id": "uuid8f63b7ee-0169-1c05-a78c-af253b6a2308",
      "isEnabled": true,
      "clientId": "client1",
      "tokens": [
        {
          "type": "authorization_grant",
          "subType": "refresh_token",
          "dateCreated": "2019-03-18T06:01:11Z",
          "lifetime": 604799,
          "lastUsed": "2019-03-18T06:01:11Z",
          "scope": "openid,email"
        }      ],
      "attributes": [
        {
          "name": "attribute1",
          "readonly": false,
          "sensitive": false,
          "value": "123"
        },
        {
          "name": "attribute2",
          "readonly": false,
          "sensitive": false,
          "value": "456"
        }      ],
      "clientName": "client1"
    },
   ...
  ],
  "username": "testuser"
}

The second endpoint allows operations on a per grant basis. This endpoint requires the grant-id to be known, the API documented above includes the grantId.

To use this endpoint, issue a HTTP GET to: http://server.oauth.com/mga/sps/mga/user/mgmt/grant/{grantId}. The API responds with the grant:

{
      "id": "uuid8f63b7ee-0169-1c05-a78c-af253b6a2308",
      "isEnabled": true,
      "clientId": "client1",
      "tokens": [
        {
          "type": "authorization_grant",
          "subType": "refresh_token",
          "dateCreated": "2019-03-18T06:01:11Z",
          "lifetime": 604799,
          "lastUsed": "2019-03-18T06:01:11Z",
          "scope": "openid,email"
        }      ],
      "attributes": [
        {
          "name": "attribute1",
          "readonly": false,
          "sensitive": false,
          "value": "123"
        },
        {
          "name": "attribute2",
          "readonly": false,
          "sensitive": false,
          "value": "456"
        }      ],
      "clientName": "client1"
    }

This endpoint also supports a HTTP DELETE to remove a grant. Issue a HTTP delete to http://server.oauth.com/mga/sps/mga/user/mgmt/grant/{grantId}. The attributes can also be updated when they are not read-only. Issue a HTTP PUT to http://server.oauth.com/mga/sps/mga/user/mgmt/grant/{grantId} , with the body:

{
  "isEnabled": true,
  "attributes": [
    {
      "name": "attribute1",
      "value": "newvalue1"
    },
    {
      "name": "attribute2",
      "value": "newvalue2"
    }  ]
}

Parent topic: User self-administration tasks for OAuth