oauth-tokens
This API is used to interact with Edge Auth resources in Qlik elastic environments.
Endpoints
Skip to sectionGET | /oauth-tokens |
DELETE | /oauth-tokens/{tokenId} |
list oauth tokens
Query Parameters GET /oauth-tokens
limit optional, minimum=1, maximum=100 number | The maximum number of tokens to return |
userId optional string | The ID of the user to limit results to |
page optional string | The target page |
sort optional, default='userId' string | The field to sort by Enum: userId |
Responses GET /oauth-tokens
200 application/json | The page result |
400 application/json | Invalid request parameter for querying tokens |
401 application/json | Authentication failed. |
GET/oauth-tokens
curl "https://your-tenant.us.qlikcloud.com/api/v1/oauth-tokens" \
-H "Authorization: Bearer <API-key>"
Response GET /oauth-tokens
{
"data": [
{
"tenantId": "string",
"userId": "string",
"id": "string",
"description": "string",
"deviceType": "string",
"lastUsed": "2022-05-18T10:58:17.523Z"
}
],
"links": {
"self": {
"href": "http://example.com"
},
"next": {
"href": "http://example.com"
},
"prev": {
"href": "http://example.com"
}
}
}
Revoke an OAuth token by ID
Path Parameters DELETE /oauth-tokens/{tokenId}
tokenId string<uid> | The ID of the token to revoke |
Responses DELETE /oauth-tokens/{tokenId}
204 application/json object | Token deleted successfully |
401 application/json | Authentication failed. |
default application/json | Unexpected error. |
DELETE/oauth-tokens/{tokenId}
curl "https://your-tenant.us.qlikcloud.com/api/v1/oauth-tokens/{tokenId}" \
-X DELETE \
-H "Authorization: Bearer <API-key>"
Errors
objectA representation of the errors encountered from the HTTP request.
Properties
errors | No description |
Error
objectAn error object.
Properties
code string | The error code. |
title string | The error title. |
status optional string | The http status code. |
detail optional string | The detailed error message |
meta optional object | Non-standard information about the error |
Diagnose-claims
objectDiagnostic claims object.
Properties
subType string | The token type. |
claimsFromIdp object | The claims from idp. |
mappedClaims object | The mapped claims. |
internalClaims optional object | The claims used internally for requests from the entity |
claimSource optional string | No description Enum: idp-userinfo id-token idp-introspection external-token |
ClaimsInfo
objectInformation about the claims obtained from the internal JWT that got created while performing authentication.
Properties
roles Array<string> | The names of the roles resolved for the current user including the ones he obtains through his groups' membership. |
service-token-request
The request body for a service to service token
Properties
grant_type string | The grant type of the token request Enum: qlik:service-token |
service_token string | The token identifying the service |
service_token_type optional, default='jwt' string | The type of service token Enum: jwt |
audience string | The audience of the token, must be locked down to a specific resource |
tenantId optional string | Optional (but strongly suggested) tenantId to limit the resultant token to |
token-renewal-request
The request body for a token renewal
Properties
grant_type string | The grant type of the token request Enum: qlik:token-renewal |
renewer_token string | The token identifying the entity renewing the token |
renewer_token_type optional, default='jwt' string | The type of renewer token Enum: jwt |
subject_token string | The token being renewed |
subject_token_type optional, default='jwt' string | The type of subject token Enum: jwt |
user-impersonation-request
The request body for a token impersonation
Properties
grant_type string | The grant type of the token request Enum: qlik:user-impersonation |
actor_token string | The token identifying the entity to impersonate the token |
actor_token_type optional, default='jwt' string | The type of actor token Enum: jwt |
user_id string | The ID of the user to impersonate |
request_tenant_id optional string | ID of tenant associated with the original API request |
elevate optional, default=false boolean | Whether to include elevated permissions, requires ELEVATE service permission |
token-response
objectResponse containing an internal token
Properties
access_token string | The internal token |
token_type string | The token type Enum: Bearer |
expires_in number | The number of seconds the token is valid for |
expiry number | The Unix time in seconds that the token will expire at |
oauth-client-credentials-request
Properties
grant_type string | No description Enum: client_credentials |
scope optional string | The scope of access that is being requested. Enum: user_default |
oauth-refresh-request
Properties
grant_type string | No description Enum: refresh_token |
refresh_token string | The refresh token to use. |
client_secret optional string | The client secret. |
oauth-token-response
objectProperties
access_token string | The access token granted |
refresh_token optional string | Refresh token to be used to obtain a new access token without user intervention |
token_type string | The type of the token issued Enum: bearer |
expires_at optional string<date-time> | The date and time in ISO format for when the access token will expire |
auth_time optional number | Unix time of when the last authentication occurred |
scope optional string | The scope of access that is being granted, delimited by space |
oauth-consent-request
objectProperties
state string | The state Id |
approve boolean | the user's approval |
_csrf string | the value of consent csrf cookie |
oauth-revoke-request
objectProperties
token string | The token to revoke |
token_type_hint optional string | Type of the provided token Enum: access_token refresh_token |
oauth-token
Properties
tenantId string | The ID of the owning tenant |
userId string | The ID of the owning user |
id string | The token ID |
description optional string | The description of the token |
deviceType optional string | The type of the user device the authorization token is generated for (Tablet, Phone etc.) |
lastUsed optional string<date-time> | The last time the token was used |
link
Properties
href string<uri> | The URL for the link |
oauth-token-page
objectProperties
data | No description |
links | No description |