The grants endpoint (two are provided, one for use with parameters) is where resource owners go to view (and optionally revoke) the persistent access grants they have made. This endpoint is not part of the OAuth specification, but many OAuth providers offer a similar function. The grants displayed are those associated with the USER_KEY of the authenticated user. The same attribute mapping(s) from the authentication source to USER_KEY used for the authorization endpoint are used here to look up the user's existing grants.

Endpoints: /as/grants.oauth2 and /as/oauth_access_grants.ping

The following table shows the available parameters for the /as/grants.oauth2 endpoint. Use only one of them as needed.

Parameter Description
idp (or PartnerIdpId) Indicates the entity ID of the connection ID of the IdP with whom to initiate Browser SSO for user authentication.
pfidpadapterid Indicates the IdP adapter instance ID of the adapter to use for user authentication.
Note:

This parameter may be overridden by policy based on authentication selection configuration. For example, the OAuth Scope Authentication Selector could enforce the use of a given adapter based on client-requested scopes.

If no recent user attributes are found for the session context, the user is redirected to /as/oauth_access_grants.ping to initiate the authentication process, which behaves in exactly the same way as the authorization endpoint.