Identity Cloud

/users/user/oauth2/applications

Invoke this Identity Cloud-specific endpoint to list the applications granted OAuth 2.0 access and to delete tokens for a specified client.

To call the endpoint, you must compose the path to the realm where the client is registered.

Query applications

This example lists all the OAuth 2.0 clients holding active tokens granted in the alpha realm for the user, bjensen. You must provide the SSO token of the tenant administrator or the resource owner as a header, and include the user’s _id in the URL:

$ curl --request GET \
--header "Accept-API-Version: resource=1.1" \
--header "<session-cookie-name>: Ua6fsH2vjgHqVY..." \
"https://<tenant-env-fqdn>/am/json/realms/root/realms/alpha/users/1dff18dc-ac57-4388-8127-dff309f80002/oauth2/applications?_queryFilter=true"
{
    "result": [
        {
            "_id": "myClient",
            "_rev": "-1121350941",
            "name": null,
            "scopes": {
                "write": "write"
            },
            "expiryDateTime": null,
            "logoUri": null
        }
    ],
    "resultCount": 1,
    "pagedResultsCookie": null,
    "totalPagedResultsPolicy": "NONE",
    "totalPagedResults": -1,
    "remainingPagedResults": -1
}

On success, Identity Cloud returns an HTTP 200 code and a JSON object with information about the tokens, such as the granted scopes and the ID for the client to which they belong.

Delete tokens for a client

The following example deletes all tokens held by the OAuth 2.0 client myClient granted in the alpha realm by bjensen. You must provide the SSO token of the tenant administrator or the resource owner as a header, and include the _id of the resource owner (bjensen) and the name of the client (myClient) in the URL:

$ curl --request DELETE \
--header "Accept-API-Version: resource=1.1" \
--header "<session-cookie-name>: Ua6fsH2vjgHqVY..." \
"https://<tenant-env-fqdn>/am/json/realms/root/realms/alpha/users/1dff18dc-ac57-4388-8127-dff309f80002/oauth2/applications/myClient"
{
    "_id": "myClient",
    "_rev": "-1121350941",
    "name": null,
    "scopes": {
        "write": "write"
    },
    "expiryDateTime": null,
    "logoUri": null
}

On success, Identity Cloud returns an HTTP 200 code and a JSON object with information about the deleted tokens, such as the granted scopes and ID of the client.
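
The two calls above can be combined into a token review: list the clients holding tokens for a user, then pick out the ones whose granted scopes fall outside an approved set and build the DELETE URL for each. The following is an added example, not code from the Identity Cloud documentation; the function names, the scope allowlist policy, and the reportingClient entry in the sample response are assumptions made for illustration.

```python
import json
from urllib.parse import quote

TENANT = "<tenant-env-fqdn>"  # placeholder from the page, not a real host

def applications_url(realm, user_id, client_id=None):
    """Compose the realm-qualified endpoint path used in the curl examples."""
    base = (f"https://{TENANT}/am/json/realms/root/realms/{quote(realm, safe='')}"
            f"/users/{quote(user_id, safe='')}/oauth2/applications")
    if client_id is None:
        return base + "?_queryFilter=true"        # GET: list clients holding tokens
    # Percent-encode the client name so it stays a single path segment.
    return f"{base}/{quote(client_id, safe='')}"  # DELETE: tokens for one client

def revocation_targets(query_response, allowed_scopes):
    """Map client _id -> granted scopes that fall outside the allowlist."""
    targets = {}
    for app in query_response.get("result", []):
        granted = set(app.get("scopes") or {})    # "scopes" is a JSON object
        extra = sorted(granted - set(allowed_scopes))
        if extra:
            targets[app["_id"]] = extra
    return targets

# Constructed sample: the page's response plus a hypothetical second client.
SAMPLE = json.loads("""
{
  "result": [
    {"_id": "myClient", "_rev": "-1121350941", "name": null,
     "scopes": {"write": "write"}, "expiryDateTime": null, "logoUri": null},
    {"_id": "reportingClient", "_rev": "0", "name": null,
     "scopes": {"read": "read"}, "expiryDateTime": null, "logoUri": null}
  ],
  "resultCount": 2
}
""")

if __name__ == "__main__":
    user = "1dff18dc-ac57-4388-8127-dff309f80002"  # bjensen's _id from the page
    print("GET", applications_url("alpha", user))
    for client, extra in revocation_targets(SAMPLE, {"read"}).items():
        print("DELETE", applications_url("alpha", user, client), "unexpected:", extra)
```

The script only builds URLs and evaluates the parsed response; sending the requests still requires the SSO token header shown in the curl examples.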

Copyright © 2010-2024 ForgeRock, all rights reserved.