Search for all grants to a specific client app
GET {{HOST}}/admin/v1/Grants?filter=grantee[value eq "{{clientappid}}" and type eq "App"]
There are two ways to do this:
- Request the
grants
attribute of the app - Query Grants yourself
If you request the grants
attribute of the App, it contains the essential data: the ID of the Grant, the ID of the grantee, the type of the grantee, the grantMechanism, and so on.
A Grant that specifies as grantee a particular App (and usually a particular AppRole defined by that App) allows that grantee App (Client) to access the resources of the granted App.
Oracle Identity Cloud Service supports currently only Grant-to-App of an AppRole defined by another App:
- An App needs membership in at least one AppRole defined by the server App in order to support legacy, AppID-based association.
- An App may need memberships in AppRoles defined by the server App in order to authorize access that OAuth trust enables.
In theory, Oracle Identity Cloud Service could also support a Grant-to-App of another App that does not specify an AppRole defined by that other App.
Note that fulfillment of a Grant-to-App does not record the grantee App as a member of the AppRole. Instead, fulfillment records the granted AppRole) in the grantedAppRoles attribute of the grantee App.
See https://docs.oracle.com/en/cloud/paas/identity-cloud/rest-api/appmgmtrelationships.html for more information on understanding application management relationships between Apps, AppRoles, Users, and Groups.
Request Params
| Key | Datatype | Required | Description |
|---|---|---|---|
filter | string |
HEADERS
| Key | Datatype | Required | Description |
|---|---|---|---|
Authorization | string |
RESPONSES
status: OK
{"schemas":["urn:ietf:params:scim:api:messages:2.0:ListResponse"],"totalResults":0,"Resources":[],"startIndex":1,"itemsPerPage":50}