OAuth2 Applications Resource

Added in 3.0

Manage OAuth2 applications.

Details

Name: oauth_app
URI: /api/oauth-apps/{app_id}/
Token Policy ID: oauth_app
HTTP Methods:
  • DELETE - Delete the OAuth2 application.
  • GET - Return information on a particular OAuth2 application.
  • PUT - Update an OAuth2 application.
Parent Resource: OAuth2 Applications List Resource
Child Resources: None
Anonymous Access: No

Fields

authorization_grant_type (One of authorization-code, client-credentials, implicit, password): How the authorization is granted to the application. This will be one of authorization-code, client-credentials, implicit, or password.
client_id (String): The client ID. This will be used by your application to identify itself to Review Board.
client_secret (String): The client secret. This should only be known to Review Board and the application.
client_type (One of confidential, public)

The type of client. Confidential clients must be able to keep user passwords secure.

This will be one of confidential or public.

enabled (Boolean)

Whether or not this application is enabled.

If disabled, authentication and API access will not be available for clients using this application.

extra_data (Dictionary): Extra information associated with the application.
id (Integer): The application ID. This uniquely identifies the application when communicating with the Web API.
name (String): The application name.
redirect_uris (List of String): The list of allowed URIs to redirect to.
skip_authorization (Boolean)

Whether or not users will be prompted for authentication.

This field is only editable by administrators.

user (User Resource): The user who created the application.

HTTP DELETE

Delete the OAuth2 application.

After a successful delete, this will return HTTP 204 No Content.

Errors

100 - Does Not Exist (HTTP 404 - Not Found): Object does not exist
101 - Permission Denied (HTTP 403 - Forbidden): You don’t have permission for this
103 - Not Logged In (HTTP 401 - Unauthorized): You are not logged in
112 - OAuth2 Missing Scope Error (HTTP 403 - Forbidden): Your OAuth2 token lacks the necessary scopes for this request.
113 - OAuth2 Access Denied Error (HTTP 403 - Forbidden): OAuth2 token access for this resource is prohibited.

HTTP GET

Return information on a particular OAuth2 application.

The client’s logged-in user must either own the app in question or be an administrator.

Errors

100 - Does Not Exist (HTTP 404 - Not Found): Object does not exist
101 - Permission Denied (HTTP 403 - Forbidden): You don’t have permission for this
103 - Not Logged In (HTTP 401 - Unauthorized): You are not logged in
112 - OAuth2 Missing Scope Error (HTTP 403 - Forbidden): Your OAuth2 token lacks the necessary scopes for this request.
113 - OAuth2 Access Denied Error (HTTP 403 - Forbidden): OAuth2 token access for this resource is prohibited.

HTTP PUT

Update an OAuth2 application.

Extra data can be stored for later lookup. See Storing/Accessing Extra Data for more information.

Request Parameters

authorization_grant_type (One of authorization-code, client-credentials, implicit, password): How authorization is granted to the application.
client_type (One of confidential, public): The client type. Confidential clients must be able to keep user passwords secure.
enabled (Boolean)

Whether or not the application will be enabled.

If disabled, authentication and API access will not be available for clients using this application.

Defaults to true when creating a new Application.

name (String): The application name.
redirect_uris (String): A comma-separated list of allowed URIs to redirect to.
regenerate_client_secret (Boolean)

The identifier of the LocalSite to re-assign this Application to.

The Application will be limited to users belonging to that Local Site and will only be editable via the API for that LocalSite.

If this is set to the empty string, the Application will become unassigned from all Local Sites and will be available globally.

skip_authorization (Boolean): Whether or not users will be prompted for authentication.
user (String)

The user who owns the application.

This field is only available to super users.

Errors

100 - Does Not Exist (HTTP 404 - Not Found): Object does not exist
101 - Permission Denied (HTTP 403 - Forbidden): You don’t have permission for this
103 - Not Logged In (HTTP 401 - Unauthorized): You are not logged in
105 - Invalid Form Data (HTTP 400 - Bad Request): One or more fields had errors
112 - OAuth2 Missing Scope Error (HTTP 403 - Forbidden): Your OAuth2 token lacks the necessary scopes for this request.
113 - OAuth2 Access Denied Error (HTTP 403 - Forbidden): OAuth2 token access for this resource is prohibited.

Examples

application/vnd.reviewboard.org.oauth-app+json

$ curl http://reviews.example.com/api/oauth-apps/1/ -H "Accept: application/json"
Vary: Accept, Cookie
ETag: 9f9c54fd1cb8cbd97eb962bc97bcd757943d29ec
Content-Type: application/vnd.reviewboard.org.oauth-app+json
X-Content-Type-Options: nosniff
{
  "oauth_app": {
    "authorization_grant_type": "client-credentials", 
    "client_id": "awesome-app", 
    "client_secret": "ILWUl0tzMvDhBZZVnmtIRzL0vJPIaUMJykBXSfnjBAGOo0L1tk1yEv0akpuovA9vI5heXdrEDzHJny4S98XIvoMzh6Zx8Fr4g1aOZ22i6RNrO56Ja23X09xAETA3mUqK", 
    "client_type": "public", 
    "enabled": true, 
    "extra_data": {}, 
    "id": 1, 
    "links": {
      "delete": {
        "href": "http://reviews.example.com/api/oauth-apps/1/", 
        "method": "DELETE"
      }, 
      "self": {
        "href": "http://reviews.example.com/api/oauth-apps/1/", 
        "method": "GET"
      }, 
      "update": {
        "href": "http://reviews.example.com/api/oauth-apps/1/", 
        "method": "PUT"
      }, 
      "user": {
        "href": "http://reviews.example.com/api/users/doc/", 
        "method": "GET", 
        "title": "doc"
      }
    }, 
    "name": "Awesome App", 
    "redirect_uris": [
      "https://awesomeapp.example.com/oauth-redirect/"
    ], 
    "skip_authorization": false
  }, 
  "stat": "ok"
}
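
An added example, not part of Review Board's documentation or code: a defender-side audit over oauth_app payloads as returned by this resource, flagging field combinations worth reviewing. The audit policy, the function names and the sample payloads are assumptions of this example; the first sample mirrors the response shown above, the other two are constructed.

```python
from urllib.parse import urlsplit

# Constructed sample payloads, shaped like the "oauth_app" object above.
SAMPLE_APPS = [
    {"id": 1, "name": "Awesome App", "enabled": True,
     "authorization_grant_type": "client-credentials",
     "client_type": "public", "skip_authorization": False,
     "redirect_uris": ["https://awesomeapp.example.com/oauth-redirect/"]},
    {"id": 2, "name": "Legacy Tool", "enabled": True,
     "authorization_grant_type": "implicit",
     "client_type": "public", "skip_authorization": True,
     "redirect_uris": ["http://legacy.example.com/cb"]},
    {"id": 3, "name": "Retired", "enabled": False,
     "authorization_grant_type": "password",
     "client_type": "confidential", "skip_authorization": False,
     "redirect_uris": []},
]

LOOPBACK = {"localhost", "127.0.0.1", "::1"}

def audit_oauth_app(app):
    """Return findings for one payload. The policy is this example's assumption."""
    findings = []
    if not app.get("enabled", True):
        # Disabled apps have no authentication or API access.
        return findings
    grant = app.get("authorization_grant_type")
    if grant in ("implicit", "password"):
        findings.append(f"grant type {grant!r} is discouraged by the "
                        "OAuth 2.0 Security BCP")
    if grant == "client-credentials" and app.get("client_type") == "public":
        findings.append("client-credentials grant on a public client; "
                        "RFC 6749 section 4.4 limits it to confidential clients")
    if app.get("skip_authorization"):
        findings.append("skip_authorization is set, so users are not prompted")
    for uri in app.get("redirect_uris", []):
        parts = urlsplit(uri)
        if parts.scheme != "https" and parts.hostname not in LOOPBACK:
            findings.append(f"redirect URI is not HTTPS: {uri}")
    return findings

def audit_all(apps):
    """Map application ID to its findings, for every payload given."""
    return {app["id"]: audit_oauth_app(app) for app in apps}

if __name__ == "__main__":
    for app_id, findings in audit_all(SAMPLE_APPS).items():
        print(app_id, findings or "ok")
```

The same function can be run over every object fetched from the parent OAuth2 Applications List Resource by an administrator account.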