POST /oauth/admin/grants/{GrantID}/actions

Executes a valid workflow action associated with the specified OAuth grant.

Grant administration is done by performing an action on a grant. For example, the action to revoke the grant could be done by the resource owner, client administrator, or provider administrator. There are reserved actions used by the provider as part of the grant issue process.

Custom actions could be introduced by customizing the workflow definition. For example, each action could be restricted based on the user’s roles and can result in changing the grant state.

Note: Workflow actions relating to OAuth are controlled by the OAuth workflow, which you can customize if needed. For more information, review the default OAuth grant workflow. You can download it from the Community Manager developer portal: Admin > Workflows > workflow:definition:oauth:grant:default:1.0.0.

For more information about revoking a grant, see OAuth: Revoking a Grant.

Authorization Roles/Permissions: Must be an authorized user for the resource. Authentication cookie is required. Some workflow actions require that the user is either an app team member or a Site Administrator (as noted).

HTTP Method

POST

URL

https://{oauth-provider-url}/oauth/admin/grants/{GrantID}/actions

Sample Request

The example below shows a request to change the grant status from Pending to Declined.

Sample Request URL

https://{oauth-provider-url}/oauth/admin/grants/ah27khdbb4kk/actions

Sample request headers

POST http://{oauth-provider-url}/oauth/admin/grants/ah27khdbb4kk/actions HTTP/1.1
Content-Type: application/json
Host: {oauth-provider-url}
Cookie: OAuthToken_{OAuthProviderName}={Cookie value (usually starts with TokenID)}

Sample request body

{
  "Action":"resource.owner.declined",
  "Comment":"Declined."
}

Request Headers

For general information on request header values, refer to HTTP Request Headers.

Header         Description
Accept         application/json
Content-Type   application/json
Cookie         OAuthToken_{OAuthProviderName}—The OAuth cookie that identifies the logged-in user with the provider. Depending on the operation being used and the context, the authenticated user could be the resource owner, the administrator, the client app administrator, or the OAuth Provider. The cookie is returned after logging in with the POST /oauth/login operation.

Request Parameters

Parameter       Parm Type   Data Type       Required   Description
GrantID         Path        string          Required   The unique ID for a specific instance of an OAuth grant.
ActionRequest   POST        ActionRequest   Required   Contains information about a request for a workflow action associated with a specific OAuth grant.

Request Payload, Additional Notes

The possible values for the Action field when using the out-of-box workflow definition are listed below. For a custom workflow, the list could be different based on the workflow definition. The default values are:

  • For Active grants, Actions allowed include:
    • resource.owner.revoked
    • resource.owner.cancelled
    • app.admin.cancelled
    • provider.admin.cancelled
  • For Revoked grants, Actions allowed include:
    • resource.owner.reinstated
    • resource.owner.cancelled
    • app.admin.cancelled
    • provider.admin.cancelled

In the above list, some actions have restrictions, as follows:

  • These actions are available to the resource owner only:
    • resource.owner.revoked
    • resource.owner.reinstated
    • resource.owner.cancelled
  • This action is available to app administrator only:
    • app.admin.cancelled
  • This action is available to provider administrators only:
    • provider.admin.cancelled
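The following Python example is added here to tie together the sample request above and the action restrictions just listed; it is not code from the Akana product or its documentation. It encodes the documented default-workflow table (Active and Revoked grants only, so the Pending-to-Declined request in the sample falls outside it, as that is a reserved provider-side action), builds the POST request with the OAuthToken_{OAuthProviderName} cookie without sending it, and parses a response the way a client should: a 401 means the cookie is missing or invalid, anything other than 200 is treated as a failure, and the millisecond timestamps are converted to UTC. The provider URL, provider name and cookie value are placeholders; the role names resource_owner, app_admin and provider_admin are this example's own labels.

```python
import json
from datetime import datetime, timezone
from urllib.request import Request, urlopen

# Allowed actions per grant status, from the documented out-of-box workflow.
# A custom workflow definition may allow a different set.
ALLOWED_ACTIONS = {
    "Active": {
        "resource.owner.revoked",
        "resource.owner.cancelled",
        "app.admin.cancelled",
        "provider.admin.cancelled",
    },
    "Revoked": {
        "resource.owner.reinstated",
        "resource.owner.cancelled",
        "app.admin.cancelled",
        "provider.admin.cancelled",
    },
}

# Which caller role may invoke each action, from the documented restrictions.
# The role labels are this example's own, not Akana's.
ACTION_ROLE = {
    "resource.owner.revoked": "resource_owner",
    "resource.owner.reinstated": "resource_owner",
    "resource.owner.cancelled": "resource_owner",
    "app.admin.cancelled": "app_admin",
    "provider.admin.cancelled": "provider_admin",
}


def check_action(grant_status, caller_role, action):
    """Raise ValueError if the action is not valid for this grant status and role.

    Mirrors the default workflow table; it does not replace the server-side
    workflow check, it only lets a client fail fast before sending the request.
    """
    allowed = ALLOWED_ACTIONS.get(grant_status)
    if allowed is None:
        raise ValueError(f"no client-side actions documented for status {grant_status!r}")
    if action not in allowed:
        raise ValueError(f"action {action!r} is not allowed on a {grant_status} grant")
    if ACTION_ROLE[action] != caller_role:
        raise ValueError(f"action {action!r} is reserved for role {ACTION_ROLE[action]!r}")
    return True


def build_action_request(provider_url, grant_id, provider_name, cookie_value,
                         action, comment=""):
    """Build the POST /oauth/admin/grants/{GrantID}/actions request as a plain dict.

    provider_url, provider_name and cookie_value are placeholders supplied by
    the caller; the returned dict is not sent anywhere.
    """
    return {
        "method": "POST",
        "url": f"https://{provider_url}/oauth/admin/grants/{grant_id}/actions",
        "headers": {
            "Accept": "application/json",
            "Content-Type": "application/json",
            # The cookie is what authenticates the caller; keep it out of logs.
            "Cookie": f"OAuthToken_{provider_name}={cookie_value}",
        },
        "body": json.dumps({"Action": action, "Comment": comment}),
    }


def send_action_request(request):
    """Send a request built by build_action_request and return (status, body)."""
    req = Request(request["url"], data=request["body"].encode(),
                  headers=request["headers"], method=request["method"])
    with urlopen(req) as resp:  # network call; not exercised offline
        return resp.status, resp.read()


def parse_action_response(status, body):
    """Interpret the response: 401 is an authentication failure, only 200 succeeds."""
    if status == 401:
        raise PermissionError("401 Unauthorized: OAuthToken cookie missing or invalid")
    if status != 200:
        raise RuntimeError(f"grant action failed with HTTP {status}")
    grant = json.loads(body)
    # Timestamps are epoch milliseconds; convert for human-readable checks.
    millis = grant["GrantExpirationDateTimeInMillis"]
    grant["ExpiresAtUtc"] = datetime.fromtimestamp(millis / 1000, tz=timezone.utc)
    return grant


# Constructed sample: the documented response body, trimmed to the fields used here.
SAMPLE_RESPONSE_BODY = json.dumps({
    "GrantID": "ah27khdbb4kk",
    "GrantStatus": "Rejected",
    "GrantExpirationDateTimeInMillis": 1441912084000,
})


if __name__ == "__main__":
    check_action("Active", "resource_owner", "resource.owner.revoked")
    req = build_action_request("provider.example", "ah27khdbb4kk", "acme",
                               "TokenID-placeholder", "resource.owner.revoked", "Revoked.")
    print(req["url"])
    grant = parse_action_response(200, SAMPLE_RESPONSE_BODY)
    print(grant["GrantStatus"], grant["ExpiresAtUtc"].isoformat())
```

Because the workflow is customizable, the client-side table is a convenience that avoids a round trip for obviously disallowed actions; the provider's workflow remains the authority and a 401 or a workflow rejection must still be handled.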

Response

If successful, this operation returns HTTP status code 200. The Grant object is returned as JSON with the updated details.

Sample Response

The sample response below shows successful completion of this operation.

Sample response headers

HTTP/1.1 200 OK
Content-Type: application/json
Expires: Wed, 26 Aug 2015 14:08:05 GMT

Sample response body

{
  "GrantID" : "ah27khdbb4kk",
  "GrantProvider" : "OAuthAutomationacmepaymentscorp",
  "GrantType" : "authorization_code",
  "OpenIdConnectGrant" : false,
  "GrantStatus" : "Rejected",
  "GrantExpirationDateTime" : 1441912084000,
  "GrantExpirationDateTimeInMillis" : 1441912084000,
  "GrantClient" : {
    "ClientID" : "acmepaymentscorp-4dAwP8UNqkU9pq4eDi6Sd68V"
  },
  "GrantClientRedirectUri" : "http://acmepaymentscorp.com:9900/",
  "ResourceOwnerUserInfo" : {
    "DomainName" : "Ldapacmepaymentscorp",
    "UID" : "eng99"
  },
  "GrantResourceScope" : {
    "Resource" : [ {
      "Name" : "Scope1"
    } ]
  },
  "GrantIssuedDateTime" : 1440616084000,
  "GrantIssuedDateTimeInMillis" : 1440616084000,
  "GrantUpdatedDateTime" : 1440616085000,
  "GrantUpdatedDateTimeInMillis" : 1440616085000,
  "ResponseType" : "code"
}

Response Headers

For general information on response header values, refer to HTTP Response Headers.

Header         Description
Content-Type   application/json

Response Body

Name    Type    Description
Grant   Grant   Contains information about an OAuth grant.

Error Codes/Messages

If the call is unsuccessful, an error code/message is returned. One or more examples of possible errors for this operation are shown below.

Item   Value
401    Unauthorized. For example, you would get this response if you didn't include the OAuthToken_{OAuthProviderName} cookie, or if you included an invalid cookie.
500    An error occurred processing the call.

More information about Akana OAuth API error messages.