Authorization Server Scopes

Provides operations to manage custom token scopes for the given authServerId and scopeId. See scope properties.

List all custom token scopes
API Access Management
OAuth 2.0: okta.authorizationServers.read

Lists all custom token scopes

Request
path Parameters
authServerId
required
string

id of the Authorization Server

Example: GeGRTEr7f3yu2n7grw22
query Parameters
q
string

Searches the name of Custom Token Scopes for matching values

filter
string

Filter expression for Custom Token Scopes

after
string

Specifies the pagination cursor for the next page of scopes. Treat the after cursor as an opaque value and obtain it through the next link relationship. See Pagination.

limit
integer <= 200

Specifies the number of objects to return per page. If there are multiple pages of results, the Link header contains a next link that you need to use as an opaque value (follow it, don't parse it). See Pagination.

Responses
200

Success

403

Forbidden

404

Not Found

429

Too Many Requests

GET /api/v1/authorizationServers/{authServerId}/scopes
Response samples
application/json
[]
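
The pagination rule above (follow the next link, do not parse the after cursor) can be implemented as below. This is an added example, not code from the Okta documentation; `fetch` is a hypothetical transport callback, and the org host, cursor value and the `car:park` scope are constructed sample data. The same-origin check before each request is a precaution of this example so the API token is never sent to a host other than the one it was issued for.

```python
import re
from urllib.parse import urlsplit

# One Link header entry looks like: <url>; rel="name"
_LINK_RE = re.compile(r'<([^>]+)>\s*;\s*rel="([^"]+)"')

def next_link(link_header):
    """Return the rel="next" URL from a Link header value, or None on the last page."""
    for url, rel in _LINK_RE.findall(link_header or ""):
        if rel == "next":
            return url
    return None

def list_all_scopes(fetch, first_url, max_pages=100):
    """Collect all scopes by following next links verbatim (cursor never parsed).

    fetch(url) -> (scopes, link_header) is a hypothetical transport supplied by the caller.
    """
    origin = urlsplit(first_url)[:2]          # (scheme, host) the API token is meant for
    scopes, url, seen = [], first_url, set()
    while url:
        if urlsplit(url)[:2] != origin:
            raise ValueError("next link leaves the org origin; not sending credentials")
        if url in seen or len(seen) >= max_pages:
            raise RuntimeError("pagination loop or page budget exceeded")
        seen.add(url)
        page, link_header = fetch(url)
        scopes.extend(page)
        url = next_link(link_header)
    return scopes

# Constructed sample data: placeholder org, made-up cursor, two pages.
BASE = "https://example.okta.com/api/v1/authorizationServers/GeGRTEr7f3yu2n7grw22/scopes"
PAGE2 = BASE + "?after=CONSTRUCTED_CURSOR&limit=2"
PAGES = {
    BASE + "?limit=2": ([{"name": "car:drive"}, {"name": "car:order"}],
                        f'<{BASE}?limit=2>; rel="self", <{PAGE2}>; rel="next"'),
    PAGE2: ([{"name": "car:park"}], f'<{PAGE2}>; rel="self"'),
}

def demo():
    return [s["name"] for s in list_all_scopes(PAGES.__getitem__, BASE + "?limit=2")]

if __name__ == "__main__":
    print(demo())
```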

Create a custom token scope
API Access Management
OAuth 2.0: okta.authorizationServers.manage

Creates a custom token scope

Request
path Parameters
authServerId
required
string

id of the Authorization Server

Example: GeGRTEr7f3yu2n7grw22
Request Body schema: application/json
required
name
required
string

Scope name

consent
string (OAuth2ScopeConsentType)
Default: "IMPLICIT"

Indicates whether a consent dialog is needed for the Scope

Enum: "FLEXIBLE" "IMPLICIT" "REQUIRED"
default
boolean
Default: false

Indicates if this Scope is a default scope

description
string

Description of the Scope

displayName
string

Name of the end user displayed in a consent dialog

metadataPublish
string (OAuth2ScopeMetadataPublish)
Default: "NO_CLIENTS"

Indicates whether the Scope is included in the metadata

Enum: "ALL_CLIENTS" "NO_CLIENTS"
optional
boolean
Default: false

Indicates whether the Scope is optional. When set to true, the user can skip consent for the scope.

system
boolean
Default: false

Indicates if Okta created the Scope

Responses
201

Success

400

Bad Request

403

Forbidden

404

Not Found

429

Too Many Requests

POST /api/v1/authorizationServers/{authServerId}/scopes
Request samples
application/json
{
  "name": "car:drive",
  "description": "Drive car",
  "consent": "REQUIRED",
  "displayName": "Saml Jackson"
}
Response samples
application/json
{}

Retrieve a custom token scope
API Access Management
OAuth 2.0: okta.authorizationServers.read

Retrieves a custom token scope

Request
path Parameters
authServerId
required
string

id of the Authorization Server

Example: GeGRTEr7f3yu2n7grw22
scopeId
required
string

id of Scope

Example: 0TMRpCWXRKFjP7HiPFNM
Responses
200

Success

403

Forbidden

404

Not Found

429

Too Many Requests

GET /api/v1/authorizationServers/{authServerId}/scopes/{scopeId}
Response samples
application/json
{}

Replace a custom token scope
API Access Management
OAuth 2.0: okta.authorizationServers.manage

Replaces a custom token scope

Request
path Parameters
authServerId
required
string

id of the Authorization Server

Example: GeGRTEr7f3yu2n7grw22
scopeId
required
string

id of Scope

Example: 0TMRpCWXRKFjP7HiPFNM
Request Body schema: application/json
required
name
required
string

Scope name

consent
string (OAuth2ScopeConsentType)
Default: "IMPLICIT"

Indicates whether a consent dialog is needed for the Scope

Enum: "FLEXIBLE" "IMPLICIT" "REQUIRED"
default
boolean
Default: false

Indicates if this Scope is a default scope

description
string

Description of the Scope

displayName
string

Name of the end user displayed in a consent dialog

metadataPublish
string (OAuth2ScopeMetadataPublish)
Default: "NO_CLIENTS"

Indicates whether the Scope is included in the metadata

Enum: "ALL_CLIENTS" "NO_CLIENTS"
optional
boolean
Default: false

Indicates whether the Scope is optional. When set to true, the user can skip consent for the scope.

system
boolean
Default: false

Indicates if Okta created the Scope

Responses
200

Success

400

Bad Request

403

Forbidden

404

Not Found

429

Too Many Requests

PUT /api/v1/authorizationServers/{authServerId}/scopes/{scopeId}
Request samples
application/json
{
  "description": "Order car",
  "name": "car:order",
  "metadataPublish": "ALL_CLIENTS"
}
Response samples
application/json
{}
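
The create and replace request body schemas above give defaults for several consent-related properties, so a body that omits them still gets a definite setting. The added example below (not Okta's code) checks a body against the documented types and enums, fills in the documented defaults, and reports which properties were left to those defaults, using the page's two request samples as input. Rejecting unknown property names is a strictness choice of this example, made so that a misspelled key does not silently fall back to a default; it is not documented API behavior.

```python
# Properties from the request body schema on this page: (type, default, allowed values).
SCHEMA = {
    "name":            (str,  None,         None),
    "consent":         (str,  "IMPLICIT",   {"FLEXIBLE", "IMPLICIT", "REQUIRED"}),
    "default":         (bool, False,        None),
    "description":     (str,  None,         None),
    "displayName":     (str,  None,         None),
    "metadataPublish": (str,  "NO_CLIENTS", {"ALL_CLIENTS", "NO_CLIENTS"}),
    "optional":        (bool, False,        None),
    "system":          (bool, False,        None),
}

def effective_scope(body):
    """Validate a create/replace body; return (effective settings, defaulted property names)."""
    unknown = set(body) - set(SCHEMA)
    if unknown:
        raise ValueError(f"unknown properties: {sorted(unknown)}")
    if not body.get("name"):
        raise ValueError("name is required")
    effective, defaulted = {}, []
    for key, (typ, default, allowed) in SCHEMA.items():
        if key not in body:
            if default is not None:            # property has a documented default
                effective[key] = default
                defaulted.append(key)
            continue
        value = body[key]
        if not isinstance(value, typ):
            raise ValueError(f"{key} must be {typ.__name__}")
        if allowed and value not in allowed:
            raise ValueError(f"{key} must be one of {sorted(allowed)}")
        effective[key] = value
    return effective, defaulted

# The two request samples shown on this page.
CREATE_SAMPLE = {"name": "car:drive", "description": "Drive car",
                 "consent": "REQUIRED", "displayName": "Saml Jackson"}
REPLACE_SAMPLE = {"description": "Order car", "name": "car:order",
                  "metadataPublish": "ALL_CLIENTS"}

if __name__ == "__main__":
    for sample in (CREATE_SAMPLE, REPLACE_SAMPLE):
        settings, defaulted = effective_scope(sample)
        print(settings["name"], "consent =", settings["consent"], "| defaulted:", defaulted)
```

For the replace sample, `consent` is among the defaulted properties, so its effective value under the documented default is `IMPLICIT`.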

Delete a custom token scope
API Access Management
OAuth 2.0: okta.authorizationServers.manage

Deletes a custom token scope

Request
path Parameters
authServerId
required
string

id of the Authorization Server

Example: GeGRTEr7f3yu2n7grw22
scopeId
required
string

id of Scope

Example: 0TMRpCWXRKFjP7HiPFNM
Responses
204

No Content

403

Forbidden

404

Not Found

429

Too Many Requests

DELETE /api/v1/authorizationServers/{authServerId}/scopes/{scopeId}
Response samples
application/json
{
  "errorCode": "E0000006",
  "errorSummary": "You do not have permission to perform the requested action",
  "errorLink": "E0000006",
  "errorId": "sampleNUSD_8fdkFd8fs8SDBK",
  "errorCauses": []
}