PingAM

/users/user/oauth2/applications

AM-specific endpoint for listing clients holding tokens granted by specific resource owners, and for deleting tokens for a combination of a resource owner and client.

Use the AM API explorer for detailed information about the parameters supported by this endpoint, and to test it against your deployed AM instance.

In the AM admin UI, click the Help icon, and go to API Explorer > /users > /user > /oauth2 > /applications.

To call the endpoint, you must compose the path to the realm where the client is registered.

This example lists all the clients holding tokens granted in the alpha realm by bjensen. You must provide the SSO token of an admin user or the resource owner as a header, and include the name of the resource owner (bjensen) in the URL:

$ curl \
--request GET \
--header "Accept-API-Version: resource=1.1" \
--header "iPlanetDirectoryPro: Ua6fsH2vjgHqVY…​" \
"https://am.example.com:8443/am/json/realms/root/realms/alpha/users/bjensen/oauth2/applications?_queryFilter=true"

On success, AM returns an HTTP 200 code and a JSON structure containing information about the tokens, such as the client ID they belong to, the granted scopes, and their expiration time:

{
   "result":[
      {
         "_id":"myClient",
         "_rev":"22274676",
         "name":null,
         "description":"This field describes myClient",
         "scopes":{
            "write":"write"
         },
         "expiryDateTime":"2025-05-17T10:48:55.395Z",
         "logoUri":null
      }
   ],
   "resultCount":1,
   "pagedResultsCookie":null,
   "totalPagedResultsPolicy":"NONE",
   "totalPagedResults":-1,
   "remainingPagedResults":-1
}

The following example shows how to delete all tokens held by the client myClient granted in the alpha realm by bjensen. You must provide the SSO token of an admin user or the resource owner as a header, and the username of the resource owner (bjensen) and the _id of the client (myClient) in the URL:

$ curl \
--request DELETE \
--header "Accept-API-Version: resource=1.1" \
--header "iPlanetDirectoryPro: Ua6fsH2vjgHqVY…​" \
"https://am.example.com:8443/am/json/realms/root/realms/alpha/users/bjensen/oauth2/applications/myClient"

On success, AM returns an HTTP 200 code and a JSON structure containing information about the deleted tokens, such as the client ID they belonged to, the scopes they granted, and their expiration time:

{
  "_id": "myClient",
  "_rev": "22274676",
  "name": null,
  "description":"This field describes myClient",
  "scopes": {
    "write": "write"
  },
  "expiryDateTime": "2025-05-17T10:48:55.395Z",
  "logoUri": null
}