Resource owners use the grant-management endpoint to view, and optionally revoke, the persistent access grants they have made.
Two grant-management endpoints are provided. One is for use with parameters. This endpoint is not part of the OAuth specification, but many OAuth providers offer a similar function.
Grants associated with the USER_KEY of the authenticated user are displayed. The same attribute mappings from the authentication source to USER_KEY, which are used for the authorization endpoint, are used here to look up the user's existing grants.
Endpoints: /as/grants.oauth2 and /as/oauth_access_grants.ping
The following table describes the available parameters for the /as/grants.oauth2 endpoint. Use only one of them as needed.
Parameter | Description |
---|---|
idp or PartnerIdpId | Indicates the entity ID or the connection ID of the identity provider (IdP) with whom to initiate browser single sign-on (SSO) for user authentication. |
pfidpadapterid | Indicates the IdP adapter instance ID of the adapter to use for user authentication. Note: This parameter may be overridden by policy based on authentication selection configuration. For example, the OAuth Scope Authentication Selector could enforce the use of a given adapter based on client-requested scopes. |
If no recent user attributes are found for the session context, the user is redirected to /as/oauth_access_grants.ping to initiate the authentication process, which behaves in the same way as the authorization endpoint.
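The following is an added example, not code from the product documentation: a helper that a self-service portal could use to build a link to /as/grants.oauth2, enforcing the "use only one" rule from the table and percent-encoding the value (entity IDs are often URLs). The function name, the base URL, the sample IDs, and the HTTPS-only check are assumptions made for illustration.

```python
from urllib.parse import urlencode, urlsplit

GRANTS_PATH = "/as/grants.oauth2"
# Parameter names taken from the table above.
ALLOWED_PARAMS = {"idp", "PartnerIdpId", "pfidpadapterid"}


def grant_management_url(base_url, **selector):
    """Return a grant-management link (hypothetical helper).

    base_url: absolute base URL of the authorization server.
    selector: at most one of idp, PartnerIdpId, pfidpadapterid.
    """
    parts = urlsplit(base_url)
    # Assumption: the portal only ever links to the server over HTTPS.
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError("base_url must be an absolute https URL")
    if parts.query or parts.fragment:
        raise ValueError("base_url must not carry a query or fragment")

    unknown = set(selector) - ALLOWED_PARAMS
    if unknown:
        raise ValueError(f"unsupported parameter(s): {sorted(unknown)}")
    if len(selector) > 1:
        raise ValueError("use only one of idp, PartnerIdpId, pfidpadapterid")
    for name, value in selector.items():
        if not isinstance(value, str) or not value:
            raise ValueError(f"{name} must be a non-empty string")

    url = f"https://{parts.netloc}{parts.path.rstrip('/')}{GRANTS_PATH}"
    if selector:
        # urlencode percent-encodes ':' and '/' so a URL-shaped entity ID
        # cannot be read as part of the link's own structure.
        url += "?" + urlencode(selector)
    return url


if __name__ == "__main__":
    base = "https://sso.example.com:9031"  # constructed sample value
    print(grant_management_url(base))
    print(grant_management_url(base, idp="https://idp.example.com/entity"))
    print(grant_management_url(base, pfidpadapterid="HtmlFormAdapter1"))
```
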