Authorization Server Rules

Provides operations to manage policy rules for the given authServerId, policyId, and ruleId.

List all policy rules
API Access Management
OAuth 2.0: okta.authorizationServers.read

Lists all policy rules for the specified Custom Authorization Server and Policy

Request
path Parameters
authServerId
required
string

id of the Authorization Server

Example: GeGRTEr7f3yu2n7grw22
policyId
required
string

id of the Policy

Example: 00plrilJ7jZ66Gn0X0g3
Responses
200

Success

403

Forbidden

404

Not Found

429

Too Many Requests

GET /api/v1/authorizationServers/{authServerId}/policies/{policyId}/rules
Response samples
application/json
[]

Create a policy rule
API Access Management
OAuth 2.0: okta.authorizationServers.manage

Creates a policy rule for the specified Custom Authorization Server and Policy

Request
path Parameters
authServerId
required
string

id of the Authorization Server

Example: GeGRTEr7f3yu2n7grw22
policyId
required
string

id of the Policy

Example: 00plrilJ7jZ66Gn0X0g3
Request Body schema: application/json
required

name
required
string

Name of the rule

conditions
required
object (AuthorizationServerPolicyRuleConditions)

  grantTypes
  object (GrantTypePolicyRuleCondition)

  Array of grant types that this condition includes. Determines the mechanism that Okta uses to authorize the creation of the tokens.

    include
    Array of strings

    Array of grant types that this condition includes.

  people
  object (AuthorizationServerPolicyPeopleCondition)

  Identifies Users and Groups that are used together

    object (AuthorizationServerPolicyRuleGroupCondition)

    Specifies a set of Groups whose Users are to be included

    object (AuthorizationServerPolicyRuleUserCondition)

    Specifies a set of Users to be included

  scopes
  object (OAuth2ScopesMediationPolicyRuleCondition)

  Array of scopes that the condition includes

    include
    Array of strings

type
required
string

Rule type

Value: "RESOURCE_ACCESS"

actions
object (AuthorizationServerPolicyRuleActions)

  token
  object (TokenAuthorizationServerPolicyRuleAction)

    accessTokenLifetimeMinutes
    integer

    Lifetime of the access token in minutes. The minimum is five minutes. The maximum is one day.

    object (TokenAuthorizationServerPolicyRuleActionInlineHook)

    refreshTokenLifetimeMinutes
    integer

    Lifetime of the refresh token is the minimum access token lifetime.

    refreshTokenWindowMinutes
    integer

    Timeframe when the refresh token is valid. The minimum is 10 minutes. The maximum is five years (2,628,000 minutes).

priority
integer

Priority of the rule

status
string

Status of the rule

Enum: "ACTIVE" "INACTIVE"

system
boolean

Set to true for system rules. You can't delete system rules.

Responses
201

Created

400

Bad Request

403

Forbidden

404

Not Found

429

Too Many Requests

POST /api/v1/authorizationServers/{authServerId}/policies/{policyId}/rules
Request samples
application/json
{
  "type": "RESOURCE_ACCESS",
  "name": "Default Policy Rule",
  "priority": 1,
  "conditions": {
    "people": { },
    "grantTypes": { },
    "scopes": { }
  },
  "actions": {
    "token": { }
  }
}
Response samples
application/json
{}

Retrieve a policy rule
API Access Management
OAuth 2.0: okta.authorizationServers.read

Retrieves a policy rule by ruleId

Request
path Parameters
authServerId
required
string

id of the Authorization Server

Example: GeGRTEr7f3yu2n7grw22
policyId
required
string

id of the Policy

Example: 00plrilJ7jZ66Gn0X0g3
ruleId
required
string

id of the policy rule

Example: ruld3hJ7jZh4fn0st0g3
Responses
200

Success

403

Forbidden

404

Not Found

429

Too Many Requests

GET /api/v1/authorizationServers/{authServerId}/policies/{policyId}/rules/{ruleId}
Response samples
application/json
{}

Replace a policy rule
API Access Management
OAuth 2.0: okta.authorizationServers.manage

Replaces the configuration of the Policy Rule defined in the specified Custom Authorization Server and Policy

Request
path Parameters
authServerId
required
string

id of the Authorization Server

Example: GeGRTEr7f3yu2n7grw22
policyId
required
string

id of the Policy

Example: 00plrilJ7jZ66Gn0X0g3
ruleId
required
string

id of the policy rule

Example: ruld3hJ7jZh4fn0st0g3
Request Body schema: application/json
required

name
required
string

Name of the rule

conditions
required
object (AuthorizationServerPolicyRuleConditions)

  grantTypes
  object (GrantTypePolicyRuleCondition)

  Array of grant types that this condition includes. Determines the mechanism that Okta uses to authorize the creation of the tokens.

    include
    Array of strings

    Array of grant types that this condition includes.

  people
  object (AuthorizationServerPolicyPeopleCondition)

  Identifies Users and Groups that are used together

    object (AuthorizationServerPolicyRuleGroupCondition)

    Specifies a set of Groups whose Users are to be included

    object (AuthorizationServerPolicyRuleUserCondition)

    Specifies a set of Users to be included

  scopes
  object (OAuth2ScopesMediationPolicyRuleCondition)

  Array of scopes that the condition includes

    include
    Array of strings

type
required
string

Rule type

Value: "RESOURCE_ACCESS"

actions
object (AuthorizationServerPolicyRuleActions)

  token
  object (TokenAuthorizationServerPolicyRuleAction)

    accessTokenLifetimeMinutes
    integer

    Lifetime of the access token in minutes. The minimum is five minutes. The maximum is one day.

    object (TokenAuthorizationServerPolicyRuleActionInlineHook)

    refreshTokenLifetimeMinutes
    integer

    Lifetime of the refresh token is the minimum access token lifetime.

    refreshTokenWindowMinutes
    integer

    Timeframe when the refresh token is valid. The minimum is 10 minutes. The maximum is five years (2,628,000 minutes).

priority
integer

Priority of the rule

status
string

Status of the rule

Enum: "ACTIVE" "INACTIVE"

system
boolean

Set to true for system rules. You can't delete system rules.

Responses
200

Success

400

Bad Request

403

Forbidden

404

Not Found

429

Too Many Requests

PUT /api/v1/authorizationServers/{authServerId}/policies/{policyId}/rules/{ruleId}
Request samples
application/json
{
  "type": "RESOURCE_ACCESS",
  "name": "Default Policy Rule",
  "priority": 1,
  "status": "ACTIVE",
  "conditions": {
    "people": { },
    "grantTypes": { },
    "scopes": { }
  },
  "actions": {
    "token": { }
  }
}
Response samples
application/json
{}
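
The request body schema for the create and replace operations states required fields and token lifetime limits that can be checked before a rule is sent. The following is an added example, not Okta's code: `lint_rule`, `max_access_minutes` (a stricter local ceiling) and `SAMPLE_RULE` are names made up for illustration.

```python
# Added example: lint a policy rule body before POST/PUT. Limits come from the
# schema above; max_access_minutes is a hypothetical local ceiling, not an Okta field.
ACCESS_TOKEN_MINUTES = (5, 24 * 60)       # minimum five minutes, maximum one day
REFRESH_WINDOW_MINUTES = (10, 2_628_000)  # minimum 10 minutes, maximum five years
STATUSES = ("ACTIVE", "INACTIVE")


def _is_int(value):
    # bool is an int subclass in Python; JSON true/false must not pass as minutes.
    return isinstance(value, int) and not isinstance(value, bool)


def _check_range(findings, token, key, bounds):
    value, (low, high) = token.get(key), bounds
    if value is None:  # field absent (or JSON null): nothing to check
        return
    if not _is_int(value):
        findings.append(f"actions.token.{key}: expected integer")
    elif not low <= value <= high:
        findings.append(f"actions.token.{key}: {value} outside {low}..{high}")


def lint_rule(rule, max_access_minutes=None):
    """Return a list of findings; an empty list means the body passed."""
    findings = []
    if not isinstance(rule.get("name"), str) or not rule["name"].strip():
        findings.append("name: required non-empty string")
    if rule.get("type") != "RESOURCE_ACCESS":
        findings.append('type: required, must be "RESOURCE_ACCESS"')
    if not isinstance(rule.get("conditions"), dict):
        findings.append("conditions: required object")
    if "status" in rule and rule["status"] not in STATUSES:
        findings.append(f"status: {rule['status']!r} is not ACTIVE or INACTIVE")
    actions = rule.get("actions")
    token = actions.get("token") if isinstance(actions, dict) else None
    token = token if isinstance(token, dict) else {}
    _check_range(findings, token, "accessTokenLifetimeMinutes", ACCESS_TOKEN_MINUTES)
    _check_range(findings, token, "refreshTokenWindowMinutes", REFRESH_WINDOW_MINUTES)
    access = token.get("accessTokenLifetimeMinutes")
    if max_access_minutes is not None and _is_int(access) and access > max_access_minutes:
        findings.append(f"actions.token.accessTokenLifetimeMinutes: {access} "
                        f"exceeds local ceiling of {max_access_minutes}")
    return findings


# Constructed sample body (values are illustrative, not from a real tenant).
SAMPLE_RULE = {"type": "RESOURCE_ACCESS", "name": "Default Policy Rule", "priority": 1,
               "conditions": {"people": {}, "grantTypes": {}, "scopes": {}},
               "actions": {"token": {"accessTokenLifetimeMinutes": 60}}}
```

Running the check in a change-review or CI step keeps out-of-range or unexpectedly long token lifetimes from reaching the authorization server.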

Delete a policy rule
API Access Management
OAuth 2.0: okta.authorizationServers.manage

Deletes a Policy Rule defined in the specified Custom Authorization Server and Policy

Request
path Parameters
authServerId
required
string

id of the Authorization Server

Example: GeGRTEr7f3yu2n7grw22
policyId
required
string

id of the Policy

Example: 00plrilJ7jZ66Gn0X0g3
ruleId
required
string

id of the policy rule

Example: ruld3hJ7jZh4fn0st0g3
Responses
204

No Content

403

Forbidden

404

Not Found

429

Too Many Requests

DELETE /api/v1/authorizationServers/{authServerId}/policies/{policyId}/rules/{ruleId}
Response samples
application/json
{
  "errorCode": "E0000006",
  "errorSummary": "You do not have permission to perform the requested action",
  "errorLink": "E0000006",
  "errorId": "sampleNUSD_8fdkFd8fs8SDBK",
  "errorCauses": [ ]
}

Activate a policy rule
API Access Management
OAuth 2.0: okta.authorizationServers.manage

Activates an authorization server policy rule

Request
path Parameters
authServerId
required
string

id of the Authorization Server

Example: GeGRTEr7f3yu2n7grw22
policyId
required
string

id of the Policy

Example: 00plrilJ7jZ66Gn0X0g3
ruleId
required
string

id of the policy rule

Example: ruld3hJ7jZh4fn0st0g3
Responses
204

No Content

403

Forbidden

404

Not Found

429

Too Many Requests

POST /api/v1/authorizationServers/{authServerId}/policies/{policyId}/rules/{ruleId}/lifecycle/activate
Response samples
application/json
{
  "errorCode": "E0000006",
  "errorSummary": "You do not have permission to perform the requested action",
  "errorLink": "E0000006",
  "errorId": "sampleNUSD_8fdkFd8fs8SDBK",
  "errorCauses": [ ]
}

Deactivate a policy rule
API Access Management
OAuth 2.0: okta.authorizationServers.manage

Deactivates an authorization server policy rule

Request
path Parameters
authServerId
required
string

id of the Authorization Server

Example: GeGRTEr7f3yu2n7grw22
policyId
required
string

id of the Policy

Example: 00plrilJ7jZ66Gn0X0g3
ruleId
required
string

id of the policy rule

Example: ruld3hJ7jZh4fn0st0g3
Responses
204

No Content

403

Forbidden

404

Not Found

429

Too Many Requests

POST /api/v1/authorizationServers/{authServerId}/policies/{policyId}/rules/{ruleId}/lifecycle/deactivate
Response samples
application/json
{
  "errorCode": "E0000006",
  "errorSummary": "You do not have permission to perform the requested action",
  "errorLink": "E0000006",
  "errorId": "sampleNUSD_8fdkFd8fs8SDBK",
  "errorCauses": [ ]
}