OAuth2 Tokens Resource

Added in 3.0

An API resource for managing OAuth2 tokens.

This resource allows callers to list, update, or delete their existing tokens.

Important

Using this resource requires extra features to be enabled on the server. See “Required Features” below.

Details

Name: oauth_token
URI: /api/oauth-tokens/{oauth_token_id}/
Required Features:
  • oauth.service
Token Policy ID: oauth_token
HTTP Methods:
  • DELETE - Delete the OAuth2 token, invalidating all clients using it.
  • GET - Retrieves information on a particular OAuth2 token.
  • PUT - Update the scope of an OAuth2 token.
Parent Resource: OAuth2 Tokens List Resource
Child Resources: None
Anonymous Access: No

Fields

application (String): The name of the application this token is for.
expires (String): When this token is set to expire.
scope (List of String): The scopes this token has access to.
token (String): The access token.

HTTP DELETE

Delete the OAuth2 token, invalidating all clients using it.

The OAuth token will be removed from the user’s account, and will no longer be usable for authentication.

After deletion, this will return an HTTP 204 No Content.

Errors

100 - Does Not Exist (HTTP 404 - Not Found): Object does not exist
101 - Permission Denied (HTTP 403 - Forbidden): You don’t have permission for this
103 - Not Logged In (HTTP 401 - Unauthorized): You are not logged in
112 - OAuth2 Missing Scope Error (HTTP 403 - Forbidden): Your OAuth2 token lacks the necessary scopes for this request.
113 - OAuth2 Access Denied Error (HTTP 403 - Forbidden): OAuth2 token access for this resource is prohibited.

HTTP GET

Retrieves information on a particular OAuth2 token.

This can only be accessed by the owner of the tokens or superusers.

Errors

100 - Does Not Exist (HTTP 404 - Not Found): Object does not exist
101 - Permission Denied (HTTP 403 - Forbidden): You don’t have permission for this
103 - Not Logged In (HTTP 401 - Unauthorized): You are not logged in
112 - OAuth2 Missing Scope Error (HTTP 403 - Forbidden): Your OAuth2 token lacks the necessary scopes for this request.
113 - OAuth2 Access Denied Error (HTTP 403 - Forbidden): OAuth2 token access for this resource is prohibited.

HTTP PUT

Update the scope of an OAuth2 token.

This resource allows a user to either (1) add and remove scopes or (2) replace the set of scopes with a new set.

Request Parameters

add_scopes (String): A comma-separated list of scopes to add.
remove_scopes (String): A comma-separated list of scopes to remove.
scopes (String): A comma-separated list of scopes to override the current set with. This field cannot be provided if either add_scopes or remove_scopes is provided.

Errors

100 - Does Not Exist (HTTP 404 - Not Found): Object does not exist
101 - Permission Denied (HTTP 403 - Forbidden): You don’t have permission for this
103 - Not Logged In (HTTP 401 - Unauthorized): You are not logged in
105 - Invalid Form Data (HTTP 400 - Bad Request): One or more fields had errors
112 - OAuth2 Missing Scope Error (HTTP 403 - Forbidden): Your OAuth2 token lacks the necessary scopes for this request.
113 - OAuth2 Access Denied Error (HTTP 403 - Forbidden): OAuth2 token access for this resource is prohibited.

Examples

application/vnd.reviewboard.org.oauth-token+json

$ curl http://reviews.example.com/api/oauth-tokens/1/ -H "Accept: application/json"
Vary: Accept, Cookie
ETag: d684735b03f0dbe572d4e6e072a5ce7226069eeb
Content-Type: application/vnd.reviewboard.org.oauth-token+json
X-Content-Type-Options: nosniff
{
  "oauth_token": {
    "application": "Awesome App", 
    "expires": "2018-10-03T09:51:16.244000+00:00", 
    "links": {
      "delete": {
        "href": "http://reviews.example.com/api/oauth-tokens/1/", 
        "method": "DELETE"
      }, 
      "self": {
        "href": "http://reviews.example.com/api/oauth-tokens/1/", 
        "method": "GET"
      }, 
      "update": {
        "href": "http://reviews.example.com/api/oauth-tokens/1/", 
        "method": "PUT"
      }
    }, 
    "scope": [
      "root:read", 
      "review_request:read", 
      "review:read"
    ], 
    "token": "abc123"
  }, 
  "stat": "ok"
}
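
The following is an added example, not part of the Review Board documentation: it reads a token payload shaped like the GET response above, finds scopes outside an allowed set, and builds (without sending) the PUT request that removes them, enforcing the rule that scopes cannot be combined with add_scopes or remove_scopes. The helper names scope_form and tighten_request, the allowed set, and the use of URL-encoded form fields are assumptions; authentication is omitted.

```python
import json
import urllib.parse
import urllib.request

# Constructed sample: the payload shape shown in this page's GET example.
SAMPLE = json.loads("""
{"oauth_token": {"application": "Awesome App",
  "links": {"update": {"href": "http://reviews.example.com/api/oauth-tokens/1/",
                       "method": "PUT"}},
  "scope": ["root:read", "review_request:read", "review:read"],
  "token": "abc123"},
 "stat": "ok"}
""")


def scope_form(add=(), remove=(), replace=None):
    """Build the PUT form fields (hypothetical helper), enforcing exclusivity."""
    if replace is not None and (add or remove):
        raise ValueError("scopes cannot be combined with add_scopes/remove_scopes")
    if replace is not None:
        return {"scopes": ",".join(replace)}
    form = {}
    if add:
        form["add_scopes"] = ",".join(add)
    if remove:
        form["remove_scopes"] = ",".join(remove)
    return form


def tighten_request(payload, allowed):
    """Return an unsent PUT request dropping scopes outside `allowed`, or None."""
    token = payload["oauth_token"]
    excess = [s for s in token["scope"] if s not in allowed]
    if not excess:
        return None  # token is already within the allowed set
    link = token["links"]["update"]
    # Assumption: the server accepts URL-encoded form fields for PUT.
    body = urllib.parse.urlencode(scope_form(remove=excess)).encode()
    return urllib.request.Request(link["href"], data=body, method=link["method"])


if __name__ == "__main__":
    req = tighten_request(SAMPLE, allowed={"review_request:read", "review:read"})
    print(req.get_method(), req.full_url, req.data.decode())
```
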