OAuth2 Tokens Resource¶
Added in 3.0
An API resource for managing OAuth2 tokens.
This resource allows callers to list, update, or delete their existing tokens.
Details¶
| Name | oauth_token |
| URI | /api/oauth-tokens/{oauth_token_id}/ |
| Required Features |
|
| Token Policy ID | oauth_token |
| HTTP Methods | |
| Parent Resource | |
| Child Resources | None |
Fields¶
| applicationString | The name of the application this token is for. |
| expiresString | When this token is set to expire. |
| scopeList of String | The scopes this token has access to. |
| tokenString | The access token. |
Links¶
Name |
Method |
Resource |
|---|---|---|
| delete | DELETE |
|
| self | GET |
|
| update | PUT |
HTTP DELETE¶
Delete the OAuth2 token, invalidating all clients using it.
The OAuth token will be removed from the user’s account, and will no longer be usable for authentication.
After deletion, this will return a HTTP 204 No Content.
Errors¶
| 100 - Does Not ExistHTTP 404 - Not Found | Object does not exist |
| 101 - Permission DeniedHTTP 403 - Forbidden | You don’t have permission for this |
| 103 - Not Logged InHTTP 401 - Unauthorized | You are not logged in |
| 112 - OAuth2 Missing Scope ErrorHTTP 403 - Forbidden | Your OAuth2 token lacks the necessary scopes for this request. |
| 113 - OAuth2 Access Denied ErrorHTTP 403 - Forbidden | OAuth2 token access for this resource is prohibited. |
HTTP GET¶
Retrieves information on a particular OAuth2 token.
This can only be accessed by the owner of the tokens or superusers
Errors¶
| 100 - Does Not ExistHTTP 404 - Not Found | Object does not exist |
| 101 - Permission DeniedHTTP 403 - Forbidden | You don’t have permission for this |
| 103 - Not Logged InHTTP 401 - Unauthorized | You are not logged in |
| 112 - OAuth2 Missing Scope ErrorHTTP 403 - Forbidden | Your OAuth2 token lacks the necessary scopes for this request. |
| 113 - OAuth2 Access Denied ErrorHTTP 403 - Forbidden | OAuth2 token access for this resource is prohibited. |
HTTP PUT¶
Update the scope of an OAuth2 token.
This resource allows a user to either (1) add and remove scopes or (2) replace the set of scopes with a new set.
Request Parameters¶
| add_scopesString | A comma-separated list of scopes to add. |
| remove_scopesString | A comma-separated list of scopes to remove. |
| scopesString | A comma-separated list of scopes to override the current set with. This field cannot be provided if either add_scopes or remove_scopes is provided. |
Errors¶
| 100 - Does Not ExistHTTP 404 - Not Found | Object does not exist |
| 101 - Permission DeniedHTTP 403 - Forbidden | You don’t have permission for this |
| 103 - Not Logged InHTTP 401 - Unauthorized | You are not logged in |
| 105 - Invalid Form DataHTTP 400 - Bad Request | One or more fields had errors |
| 112 - OAuth2 Missing Scope ErrorHTTP 403 - Forbidden | Your OAuth2 token lacks the necessary scopes for this request. |
| 113 - OAuth2 Access Denied ErrorHTTP 403 - Forbidden | OAuth2 token access for this resource is prohibited. |
Examples¶
application/vnd.reviewboard.org.oauth-token+json¶
$ curl https://reviews.example.com/api/oauth-tokens/1/ -H "Accept: application/json"
HTTP 200 OK
Content-Length: 465
Content-Type: application/vnd.reviewboard.org.oauth-token+json
ETag: 875a462958224d29fc59288d03c9c69a8bbf3d36
Vary: Accept, Cookie
X-Content-Type-Options: nosniff
{
"oauth_token": {
"application": "Awesome App",
"expires": "2060-06-01T12:13:14.123000+00:00",
"links": {
"delete": {
"href": "https://reviews.example.com/api/oauth-tokens/1/",
"method": "DELETE"
},
"self": {
"href": "https://reviews.example.com/api/oauth-tokens/1/",
"method": "GET"
},
"update": {
"href": "https://reviews.example.com/api/oauth-tokens/1/",
"method": "PUT"
}
},
"scope": [
"root:read",
"review_request:read",
"review:read"
],
"token": "abc123"
},
"stat": "ok"
}