POST OAuth/GetGrants
Gets all grants for a user.
Requirements
- Roles: Admin, Grant Admin, Auditor, Application Owner. See OAuth roles for more information.
- Token scope: Admin
Headers
-
Content type: Content-Type:application/json.
- Token: The bearer access token that you received. For example, Authorization:Bearer 4MyGeneratedBearerTknz==. For more information, see Passing a bearer token in your API calls.
Parameters
Name |
Description |
---|---|
GranteePrefixedUniversal |
The prefixed universal ID of the user (grantee) whose grants are being looked up. The prefixed universal ID can be found from the identity value returned from POST Authorize/Oauth or the PrefixedUniversal value returned from POST Identity/Browse. |
Returns
Name |
Description |
---|---|
HTTP 200 |
See OAuth result codes. A Grants object is returned with the following values:
|
HTTP 400 |
For invalid requests, this call returns HTTP 400 Bad Request and the following data in the message body:
|
HTTP 401 |
For authentication errors, this call returns HTTP 401 Unauthorized and the following data in the message body:
|
HTTP 403 |
If the response is HTTP 403 Forbidden, the requester's token does not include the admin scope. Call POST Authorize/Oauth with the correct scope and restriction. Update the header with the new token and retry.
|
Example
Request
POST /vedsdk/oauth/getgrants HTTP/1.1 Host: tpp-server-url Content-Type: application/json Accept: application/json Authorization: Bearer 4MyGeneratedBearerTknz== { "GranteePrefixedUniversal": "local:{5a32c46e-e7d8-404d-9987-2e68c0928219}" }
Response
{ "Grants": [ { "AccessIssuedOn": "/Date(1668623132853)/", "AccessIssuedOnISO8601": "2022-11-16T18:25:32Z", "AccessIssuedOnUnixTime": 1668623133, "Application": "VenafiMMCCodeSigning", "Expires": "/Date(1697394332853)/", "ExpiresISO8601": "2023-10-15T18:25:32Z", "ExpiresUnixTime": 1697394333, "GrantIssuedOn": "/Date(1668623132853)/", "GrantIssuedOnISO8601": "2022-11-16T18:25:32Z", "GrantIssuedOnUnixTime": 1668623133, "GranteePrefixedUniversal": "local:{5a32c46e-e7d8-404d-9987-2e68c0928219}", "Scope": { "ScopeList": [ { "RestrictionList": [ "admin", "approve", "delete", "manage" ], "Scope": "codesign" }, { "RestrictionList": [ "delete", "manage" ], "Scope": "configuration" }, { "RestrictionList": [ "manage" ], "Scope": "security" } ] }, "ValidFor": 7776000 } ], "Result": 0, "Success": true }