POST /oauth/admin/grants/{GrantID}/actions
Executes a valid workflow action associated with the specified OAuth grant.
Grant administration is done by performing an action on a grant. For example, the action to revoke the grant could be done by the resource owner, client administrator, or provider administrator. There are reserved actions used by the provider as part of the grant issue process.
Custom actions could be introduced by customizing the workflow definition. For example, each action could be restricted based on the user’s roles and can result in changing the grant state.
Note: Workflow actions relating to OAuth are controlled by the OAuth workflow, which you can customize if needed. For more information, review the default OAuth grant workflow. You can download it from the Community Manager developer portal: Admin > Workflows > workflow:definition:oauth:grant:default:1.0.0.
For more information about revoking a grant, see OAuth: Revoking a Grant.
Authorization Roles/Permissions: Must be an authorized user for the resource. Authentication cookie is required. Some workflow actions require that the user is either an app team member or a Site Administrator (as noted).
HTTP Method
POST
URL
https://{oauth-provider-url}/oauth/admin/grants/{GrantID}/actions
Sample Request
The example below shows a request to change the grant status from Pending to Declined.
Sample Request URL
https://{oauth-provider-url}/oauth/admin/grants/ah27khdbb4kk/actions
Sample request headers
POST http://{oauth-provider-url}/oauth/admin/grants/ah27khdbb4kk/actions HTTP/1.1
Content-Type: application/json
Host: {oauth-provider-url}
Cookie: OAuthToken_{OAuthProviderName}={Cookie value (usually starts with TokenID)}
Sample request body
{
  "Action":"resource.owner.declined",
  "Comment":"Declined."
}
Request Headers
For general information on request header values, refer to HTTP Request Headers.
Header | Description |
---|---|
Accept | application/json |
Content-Type | application/json |
Cookie | OAuthToken_{OAuthProviderName}—The OAuth cookie that identifies the logged-in user with the provider. Depending on the operation being used and the context, the authenticated user could be the resource owner, the administrator, the client app administrator, or the OAuth Provider. The cookie is returned after logging in with the POST /oauth/login operation. |
Request Parameters
Parameter | Parm Type | Data Type | Required | Description |
---|---|---|---|---|
GrantID | Path | string | Required | The unique ID for a specific instance of an OAuth grant. |
ActionRequest | POST | ActionRequest | Required | Contains information about a request for a workflow action associated with a specific OAuth grant. |
Request Payload, Additional Notes
The possible values for the Action field when using the out-of-box workflow definition are listed below. For a custom workflow, the list could differ based on the workflow definition. The default values are:
- For Active grants, allowed actions include:
  - resource.owner.revoked
  - resource.owner.cancelled
  - app.admin.cancelled
  - provider.admin.cancelled
- For Revoked grants, allowed actions include:
  - resource.owner.reinstated
  - resource.owner.cancelled
  - app.admin.cancelled
  - provider.admin.cancelled
In the above list, some actions have restrictions, as follows:
- These actions are available to the resource owner only:
  - resource.owner.revoked
  - resource.owner.reinstated
  - resource.owner.cancelled
- This action is available to the app administrator only:
  - app.admin.cancelled
- This action is available to provider administrators only:
  - provider.admin.cancelled
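As an added example (not Akana's own code), the state and role restrictions above encoded as a server-side check on an ActionRequest body, together with assembly of the POST shown in the sample request. The role names, the `build_action_request` parameters and the sample host are assumptions; the reserved issue-time actions (such as `resource.owner.declined` in the sample) are not modeled, only the Active and Revoked lists on this page.

```python
import json

# Actions the default OAuth grant workflow allows in each grant state (from this page).
ACTIONS_BY_STATE = {
    "Active": {"resource.owner.revoked", "resource.owner.cancelled",
               "app.admin.cancelled", "provider.admin.cancelled"},
    "Revoked": {"resource.owner.reinstated", "resource.owner.cancelled",
                "app.admin.cancelled", "provider.admin.cancelled"},
}

# Role that may submit each action; role names are hypothetical labels, not API values.
ROLE_FOR_ACTION = {
    "resource.owner.revoked": "resource_owner",
    "resource.owner.reinstated": "resource_owner",
    "resource.owner.cancelled": "resource_owner",
    "app.admin.cancelled": "app_admin",
    "provider.admin.cancelled": "provider_admin",
}

def allowed_actions(grant_status, caller_role):
    """Sorted list of actions this caller may submit for a grant in grant_status."""
    return sorted(a for a in ACTIONS_BY_STATE.get(grant_status, set())
                  if ROLE_FOR_ACTION[a] == caller_role)

def validate_action_request(body, grant_status, caller_role):
    """Return (ok, reason): the state and role checks a server should apply
    to an ActionRequest body before executing the workflow action."""
    try:
        req = json.loads(body)
    except json.JSONDecodeError as exc:
        return False, f"malformed JSON: {exc}"
    action = req.get("Action") if isinstance(req, dict) else None
    if not isinstance(action, str):
        return False, "missing Action"
    if action not in ROLE_FOR_ACTION:
        return False, f"unknown action {action!r}"
    if action not in ACTIONS_BY_STATE.get(grant_status, set()):
        return False, f"{action} not allowed while grant is {grant_status}"
    if ROLE_FOR_ACTION[action] != caller_role:
        return False, f"{action} requires role {ROLE_FOR_ACTION[action]}"
    return True, "ok"

def build_action_request(host, grant_id, provider_name, cookie_value, action, comment):
    """Assemble the POST from this page as (method, url, headers, body); no network I/O."""
    url = f"https://{host}/oauth/admin/grants/{grant_id}/actions"
    headers = {"Accept": "application/json", "Content-Type": "application/json",
               "Cookie": f"OAuthToken_{provider_name}={cookie_value}"}
    return "POST", url, headers, json.dumps({"Action": action, "Comment": comment})
```

Rejecting a request whose action does not match both the grant's current state and the caller's role is what keeps, for example, an app administrator from reinstating a grant the resource owner revoked.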
Response
If successful, this operation returns HTTP status code 200. The Grant object is returned as JSON with the updated details.
Sample Response
The sample response below shows successful completion of this operation.
Sample response headers
HTTP/1.1 200 OK
Content-Type: application/json
Expires: Wed, 26 Aug 2015 14:08:05 GMT
Sample response body
{
  "GrantID" : "ah27khdbb4kk",
  "GrantProvider" : "OAuthAutomationacmepaymentscorp",
  "GrantType" : "authorization_code",
  "OpenIdConnectGrant" : false,
  "GrantStatus" : "Rejected",
  "GrantExpirationDateTime" : 1441912084000,
  "GrantExpirationDateTimeInMillis" : 1441912084000,
  "GrantClient" : {
    "ClientID" : "acmepaymentscorp-4dAwP8UNqkU9pq4eDi6Sd68V"
  },
  "GrantClientRedirectUri" : "http://acmepaymentscorp.com:9900/",
  "ResourceOwnerUserInfo" : {
    "DomainName" : "Ldapacmepaymentscorp",
    "UID" : "eng99"
  },
  "GrantResourceScope" : {
    "Resource" : [ { "Name" : "Scope1" } ]
  },
  "GrantIssuedDateTime" : 1440616084000,
  "GrantIssuedDateTimeInMillis" : 1440616084000,
  "GrantUpdatedDateTime" : 1440616085000,
  "GrantUpdatedDateTimeInMillis" : 1440616085000,
  "ResponseType" : "code"
}
Response Headers
For general information on response header values, refer to HTTP Response Headers.
Header | Description |
---|---|
Content-Type | application/json |
Response Body
Name | Type | Description |
---|---|---|
Grant | Grant | Contains information about an OAuth grant. |
Error Codes/Messages
If the call is unsuccessful, an error code/message is returned. One or more examples of possible errors for this operation are shown below.
Item | Value |
---|---|
401 | Unauthorized. For example, you would get this response if you didn't include the OAuthToken_{OAuthProviderName} cookie, or if you included an invalid cookie. |
500 | An error occurred processing the call. |
More information about Akana OAuth API error messages.