PingOne Platform APIs

User OAuth Scope Consents

A user OAuth scope consent resource is a record of a user’s OpenID Connect OAuth scope consents. The OAuth scope consent service gives end users the ability to control the user data they wish to share with third party applications. These consents granted through PingOne help enterprises build trust with customers who want to use third-party applications with the enterprise’s service but want control over the data they are agreeing to share.

This service provides operations to create, read, and update user OAuth scope consent resources. This service applies only to applications that have their protocol property set to OPENID_CONNECT.

Applications with a protocol value of OPENID_CONNECT always include the openid scope as part of the application’s resource grant. However, to grant any other OpenID Connect scopes to the application, such as the profile scope, you must specify the resource grant specifically using the Create Grant endpoint.

You need the Identity Data Admin role to perform operations on user oauth scope consent resources.

Expanding and filtering response data

You can expand GET {{apiPath}}/environments/{{envID}}/users{{userID}}/oauthConsents and GET {{apiPath}}/environments/{{envID}}/users/{{userID}}/oauthConsents/{{oauthConsentID}} results with the expand=applications query parameter to return additional information about the associated application in the response.

You can filter a user’s consents by application ID or by application name using the query parameters filter=application.id eq "{{appID}}" or filter=application.name eq "{{appName}}" on GET operations.

Property Type Required? Mutable? Description

application

Relationship

Optional

Mutable

A relationship that specifies the application associated with this OAuth scope consent.

application.id

String

Optional

Mutable

A string that specifies the ID of the application associated with this OAuth scope consent. This property is required for applications with an application.appType property of PINGONE.

application.name

String

Optional

Mutable

A string that specifies the name of the application associated with this OAuth scope consent. This property is required for applications with an application.appType property of EXTERNAL.

application.appType

String

Optional

Mutable

A string that specifies the application type associated with this OAuth scope consent. Options are PINGONE and EXTERNAL.

browser

UserAgentInfo

Optional

Read only

Information that specifies the browser used to make the consent. The UserAgentInfo object includes data for name (required) and version.

consentedAt

Date

Optional

Read only

The time when a user consent occurs.

device

UserAgentInfo

Optional

Read only

Information that specifies the device used to make the consent. The UserAgentInfo object includes data for the device type.

environment.id

String

Optional

Read only

A string that specifies the ID of the environment associated with this OAuth scope consent.

operatingSystem

UserAgentInfo

Optional

Read only

Information that specifies the operating system of the device used to make the consent. The UserAgentInfo object includes data for name (required) and version.

scope

Set

Optional

Mutable

A set of strings that specifies the scopes associated with this OAuth scope consent.

status

String

Required

Mutable

A string that specifies whether the consent is valid or not. Options are ACCEPTED, REVOKED, and DECLINED.

user

Relationship

Optional

Mutable

A relationship that specifies the user associated with this OAuth scope consent.

user.id

String

Optional

Mutable

A string that specifies the ID of the user associated with this OAuth scope consent.

updatedAt

Date

Optional

Read only

The time when a user consent is updated.

Response codes

Code Message

200

Successful operation.

201

Created.

400

The request could not be completed.

401

You do not have access to this resource.

404

The requested resource was not found.