List OAuth 2.0 Consent Sessions of a Subject
GET {{baseUrl}}/admin/oauth2/auth/sessions/consent?page_size=250&page_token=1&subject=<string>&login_session_id=<string>
This endpoint lists all subject's granted consent sessions, including client and granted scope. If the subject is unknown or has not granted any consent sessions yet, the endpoint returns an empty JSON array with status code 200 OK.
Request Params
| Key | Datatype | Required | Description |
|---|---|---|---|
page_size | number | Items per Page |
This is the number of items per page to return.
For details on pagination please head over to the pagination documentation. |
| page_token | number | | Next Page Token
The next page token.
For details on pagination please head over to the pagination documentation. |
| subject | string | | (Required) The subject to list the consent sessions for. |
| login_session_id | string | | The login session id to list the consent sessions for. |
HEADERS
| Key | Datatype | Required | Description |
|---|---|---|---|
Accept | string |
RESPONSES
status: OK
[{"consent_request":{"challenge":"\u003cstring\u003e","acr":"\u003cstring\u003e","amr":["\u003cstring\u003e","\u003cstring\u003e"],"client":{"allowed_cors_origins":["\u003cstring\u003e","\u003cstring\u003e"],"audience":["\u003cstring\u003e","\u003cstring\u003e"],"authorization_code_grant_access_token_lifespan":"265356774ms3s5ms270244ns7279361612us692us918418ns1676983h3051us","authorization_code_grant_id_token_lifespan":"23781064ns","authorization_code_grant_refresh_token_lifespan":"86394090888ns2183ns9919897us46ns74597224504s456100701ns29598s","backchannel_logout_session_required":"\u003cboolean\u003e","backchannel_logout_uri":"\u003cstring\u003e","client_credentials_grant_access_token_lifespan":"67189015385ns14134564851h","client_id":"\u003cstring\u003e","client_name":"\u003cstring\u003e","client_secret":"\u003cstring\u003e","client_secret_expires_at":"\u003clong\u003e","client_uri":"\u003cstring\u003e","contacts":["\u003cstring\u003e","\u003cstring\u003e"],"created_at":"\u003cdateTime\u003e","frontchannel_logout_session_required":"\u003cboolean\u003e","frontchannel_logout_uri":"\u003cstring\u003e","grant_types":["\u003cstring\u003e","\u003cstring\u003e"],"implicit_grant_access_token_lifespan":"2173532257h9ms320586642s","implicit_grant_id_token_lifespan":"0m39ms116908m","jwks":{"description":"OAuth 2.0 Client JSON Web Key Set\n\nClient's JSON Web Key Set [JWK] document, passed by value. The semantics of the jwks parameter are the same as\nthe jwks_uri parameter, other than that the JWK Set is passed by value, rather than by reference. This parameter\nis intended only to be used by Clients that, for some reason, are unable to use the jwks_uri parameter, for\ninstance, by native applications that might not have a location to host the contents of the JWK Set. If a Client\ncan use jwks_uri, it MUST NOT use jwks. One significant downside of jwks is that it does not enable key rotation\n(which jwks_uri does, as described in Section 10 of OpenID Connect Core 1.0 [OpenID.Core]). The jwks_uri and jwks\nparameters MUST NOT be used together."},"jwks_uri":"\u003cstring\u003e","jwt_bearer_grant_access_token_lifespan":"57217804171h4004h10675073us525011h5687170320ms8h38074621116us","logo_uri":"\u003cstring\u003e","metadata":{"title":"JSONRawMessage represents a json.RawMessage that works well with JSON, SQL, and Swagger."},"owner":"\u003cstring\u003e","policy_uri":"\u003cstring\u003e","post_logout_redirect_uris":["\u003cstring\u003e","\u003cstring\u003e"],"redirect_uris":["\u003cstring\u003e","\u003cstring\u003e"],"refresh_token_grant_access_token_lifespan":"","refresh_token_grant_id_token_lifespan":"870353793us897us635938h80280648ms854540015s797s9us1511674105m70305h","refresh_token_grant_refresh_token_lifespan":"30875us67936849ns21751us27718300082s075280ms","registration_access_token":"\u003cstring\u003e","registration_client_uri":"\u003cstring\u003e","request_object_signing_alg":"\u003cstring\u003e","request_uris":["\u003cstring\u003e","\u003cstring\u003e"],"response_types":["\u003cstring\u003e","\u003cstring\u003e"],"scope":"\u003cstring\u003e","sector_identifier_uri":"\u003cstring\u003e","subject_type":"\u003cstring\u003e","token_endpoint_auth_method":"\u003cstring\u003e","token_endpoint_auth_signing_alg":"\u003cstring\u003e","tos_uri":"\u003cstring\u003e","updated_at":"\u003cdateTime\u003e","userinfo_signed_response_alg":"\u003cstring\u003e"},"context":{"title":"JSONRawMessage represents a json.RawMessage that works well with JSON, SQL, and Swagger."},"login_challenge":"\u003cstring\u003e","login_session_id":"\u003cstring\u003e","oidc_context":{"acr_values":["\u003cstring\u003e","\u003cstring\u003e"],"display":"\u003cstring\u003e","id_token_hint_claims":{"incididuntb":{},"ut38c":{}},"login_hint":"\u003cstring\u003e","ui_locales":["\u003cstring\u003e","\u003cstring\u003e"]},"request_url":"\u003cstring\u003e","requested_access_token_audience":["\u003cstring\u003e","\u003cstring\u003e"],"requested_scope":["\u003cstring\u003e","\u003cstring\u003e"],"skip":"\u003cboolean\u003e","subject":"\u003cstring\u003e"},"expires_at":{"access_token":"\u003cdateTime\u003e","authorize_code":"\u003cdateTime\u003e","id_token":"\u003cdateTime\u003e","par_context":"\u003cdateTime\u003e","refresh_token":"\u003cdateTime\u003e"},"grant_access_token_audience":["\u003cstring\u003e","\u003cstring\u003e"],"grant_scope":["\u003cstring\u003e","\u003cstring\u003e"],"handled_at":"\u003cdateTime\u003e","remember":"\u003cboolean\u003e","remember_for":"\u003clong\u003e","session":{"access_token":{"description":"AccessToken sets session data for the access and refresh token, as well as any future tokens issued by the\nrefresh grant. Keep in mind that this data will be available to anyone performing OAuth 2.0 Challenge Introspection.\nIf only your services can perform OAuth 2.0 Challenge Introspection, this is usually fine. But if third parties\ncan access that endpoint as well, sensitive data from the session might be exposed to them. Use with care!"},"id_token":{"description":"IDToken sets session data for the OpenID Connect ID token. Keep in mind that the session'id payloads are readable\nby anyone that has access to the ID Challenge. Use with care!"}}},{"consent_request":{"challenge":"\u003cstring\u003e","acr":"\u003cstring\u003e","amr":["\u003cstring\u003e","\u003cstring\u003e"],"client":{"allowed_cors_origins":["\u003cstring\u003e","\u003cstring\u003e"],"audience":["\u003cstring\u003e","\u003cstring\u003e"],"authorization_code_grant_access_token_lifespan":"21492242542h73397ns093s43ns17533758s4m1485h5230m86213229h1513070695h","authorization_code_grant_id_token_lifespan":"704us13589us6310ns513s","authorization_code_grant_refresh_token_lifespan":"4825582ns62796528995h9218639427ms87s597065us","backchannel_logout_session_required":"\u003cboolean\u003e","backchannel_logout_uri":"\u003cstring\u003e","client_credentials_grant_access_token_lifespan":"2748ns7796606228h808683h655915446s91506ms54876649us365650ns79ns1066349us083757h","client_id":"\u003cstring\u003e","client_name":"\u003cstring\u003e","client_secret":"\u003cstring\u003e","client_secret_expires_at":"\u003clong\u003e","client_uri":"\u003cstring\u003e","contacts":["\u003cstring\u003e","\u003cstring\u003e"],"created_at":"\u003cdateTime\u003e","frontchannel_logout_session_required":"\u003cboolean\u003e","frontchannel_logout_uri":"\u003cstring\u003e","grant_types":["\u003cstring\u003e","\u003cstring\u003e"],"implicit_grant_access_token_lifespan":"0602ns1600ms","implicit_grant_id_token_lifespan":"821ns4724340104ms2217947ns5549136121ms","jwks":{"description":"OAuth 2.0 Client JSON Web Key Set\n\nClient's JSON Web Key Set [JWK] document, passed by value. The semantics of the jwks parameter are the same as\nthe jwks_uri parameter, other than that the JWK Set is passed by value, rather than by reference. This parameter\nis intended only to be used by Clients that, for some reason, are unable to use the jwks_uri parameter, for\ninstance, by native applications that might not have a location to host the contents of the JWK Set. If a Client\ncan use jwks_uri, it MUST NOT use jwks. One significant downside of jwks is that it does not enable key rotation\n(which jwks_uri does, as described in Section 10 of OpenID Connect Core 1.0 [OpenID.Core]). The jwks_uri and jwks\nparameters MUST NOT be used together."},"jwks_uri":"\u003cstring\u003e","jwt_bearer_grant_access_token_lifespan":"99183s14741ns6076577m","logo_uri":"\u003cstring\u003e","metadata":{"title":"JSONRawMessage represents a json.RawMessage that works well with JSON, SQL, and Swagger."},"owner":"\u003cstring\u003e","policy_uri":"\u003cstring\u003e","post_logout_redirect_uris":["\u003cstring\u003e","\u003cstring\u003e"],"redirect_uris":["\u003cstring\u003e","\u003cstring\u003e"],"refresh_token_grant_access_token_lifespan":"0394031s7147511m4296m5607231617us110h","refresh_token_grant_id_token_lifespan":"89991h8ns3767m83ms7838025456us85960us","refresh_token_grant_refresh_token_lifespan":"0394803727m","registration_access_token":"\u003cstring\u003e","registration_client_uri":"\u003cstring\u003e","request_object_signing_alg":"\u003cstring\u003e","request_uris":["\u003cstring\u003e","\u003cstring\u003e"],"response_types":["\u003cstring\u003e","\u003cstring\u003e"],"scope":"\u003cstring\u003e","sector_identifier_uri":"\u003cstring\u003e","subject_type":"\u003cstring\u003e","token_endpoint_auth_method":"\u003cstring\u003e","token_endpoint_auth_signing_alg":"\u003cstring\u003e","tos_uri":"\u003cstring\u003e","updated_at":"\u003cdateTime\u003e","userinfo_signed_response_alg":"\u003cstring\u003e"},"context":{"title":"JSONRawMessage represents a json.RawMessage that works well with JSON, SQL, and Swagger."},"login_challenge":"\u003cstring\u003e","login_session_id":"\u003cstring\u003e","oidc_context":{"acr_values":["\u003cstring\u003e","\u003cstring\u003e"],"display":"\u003cstring\u003e","id_token_hint_claims":{"quis_":{}},"login_hint":"\u003cstring\u003e","ui_locales":["\u003cstring\u003e","\u003cstring\u003e"]},"request_url":"\u003cstring\u003e","requested_access_token_audience":["\u003cstring\u003e","\u003cstring\u003e"],"requested_scope":["\u003cstring\u003e","\u003cstring\u003e"],"skip":"\u003cboolean\u003e","subject":"\u003cstring\u003e"},"expires_at":{"access_token":"\u003cdateTime\u003e","authorize_code":"\u003cdateTime\u003e","id_token":"\u003cdateTime\u003e","par_context":"\u003cdateTime\u003e","refresh_token":"\u003cdateTime\u003e"},"grant_access_token_audience":["\u003cstring\u003e","\u003cstring\u003e"],"grant_scope":["\u003cstring\u003e","\u003cstring\u003e"],"handled_at":"\u003cdateTime\u003e","remember":"\u003cboolean\u003e","remember_for":"\u003clong\u003e","session":{"access_token":{"description":"AccessToken sets session data for the access and refresh token, as well as any future tokens issued by the\nrefresh grant. Keep in mind that this data will be available to anyone performing OAuth 2.0 Challenge Introspection.\nIf only your services can perform OAuth 2.0 Challenge Introspection, this is usually fine. But if third parties\ncan access that endpoint as well, sensitive data from the session might be exposed to them. Use with care!"},"id_token":{"description":"IDToken sets session data for the OpenID Connect ID token. Keep in mind that the session'id payloads are readable\nby anyone that has access to the ID Challenge. Use with care!"}}}]