GET /api/users/{userId}/grants
O auth2

Retrieve all non-expired grants of the user. Optionally filter by application type via appType; when omitted, grants from all application types are returned.

Path parameters

  • userId string Required

    The unique identifier of the user.

Query parameters

  • appType string

    Application type filter. Use 'thirdParty' to list third-party app grants only, or 'firstParty' to list first-party app grants only. If omitted, grants from all applications are returned.

    Values are firstParty or thirdParty.

Responses

  • 200 application/json

    Return non-expired grants of the user. Results are filtered by app type when appType is provided.

    Hide response attribute Show response attribute object
    • grants array[object] Required
      Hide grants attributes Show grants attributes object
      • id string Required
      • payload object Required
        Hide payload attributes Show payload attributes object
        • exp number Required
        • iat number Required
        • jti string Required
        • kind string("Grant") Required
        • clientId string Required
        • accountId string Required
      • expiresAt number Required
  • 400

    Bad Request

  • 401

    Unauthorized

  • 403

    Forbidden

  • 500

    Internal Server Error

GET /api/users/{userId}/grants 
curl \
 --request GET 'https://[tenant_id].logto.app/api/users/{userId}/grants' \
 --header "Authorization: Bearer $ACCESS_TOKEN"
Response examples (200) 
{
  "grants": [
    {
      "id": "string",
      "payload": {
        "exp": 42.0,
        "iat": 42.0,
        "jti": "string",
        "kind": "string",
        "clientId": "string",
        "accountId": "string"
      },
      "expiresAt": 42.0
    }
  ]
}