O Auth Client Create
Create an OAuth client owned by the authenticated account. Member-created clients are third-party explicit-scope clients. The requested allowed scopes must be a subset of the authenticated account's current permissions.
Create an OAuth client owned by the authenticated account.
Member-created clients are third-party explicit-scope clients. The requested allowed scopes must be a subset of the authenticated account's current permissions.
/auth/oauth/clientsAuthorization
browser In: cookie
Request Body
application/json
Response Body
application/json
application/json
curl -X POST "https://loading/api/auth/oauth/clients" \ -H "Content-Type: application/json" \ -d '{ "name": "string", "allowed_scopes": [ "string" ] }'{
"client": {
"id": "cc5lnd2s1s4652adtu50",
"createdAt": "2019-08-24T14:15:22Z",
"updatedAt": "2019-08-24T14:15:22Z",
"account_id": "cc5lnd2s1s4652adtu50",
"client_id": "string",
"name": "string",
"type": "public",
"scope_policy": "explicit",
"redirect_uris": [
"http://example.com"
],
"allowed_scopes": [
"string"
],
"allowed_grants": [
"string"
]
},
"client_secret": "string"
}{
"error": "string",
"message": "string",
"suggested": "string",
"metadata": {}
}O Auth Authorise Consent Submit POST
Approve or deny a pending OAuth authorisation code request for the currently signed-in account. On approval this creates a short-lived authorisation code and returns the client redirect URI containing `code` and optional `state`. On denial the returned redirect URI contains `error=access_denied`. Storyden recomputes the granted scope at approval time from current account permissions and client policy.
O Auth Client Delete DELETE
Delete an OAuth client created by the authenticated account. This prevents new OAuth flows for the client and removes associated pending OAuth records and refresh tokens, preventing existing grants from being renewed. Existing JWT access tokens remain valid until expiry.