O Auth Refresh Token List
List OAuth refresh tokens issued to the authenticated account. This is the member-facing "authorised applications" view: it lists apps the signed-in account has authorised and can revoke. In OAuth terms, these rows are grants/tokens, not application definitions. This may include grants for built-in first-party clients such as the default Storyden CLI. Those clients are not created by the member and therefore do not appear in the member OAuth client list.
/auth/oauth/tokensList OAuth refresh tokens issued to the authenticated account.
This is the member-facing "authorised applications" view: it lists apps the signed-in account has authorised and can revoke. In OAuth terms, these rows are grants/tokens, not application definitions.
This may include grants for built-in first-party clients such as the default Storyden CLI. Those clients are not created by the member and therefore do not appear in the member OAuth client list.
Authorization
browser In: cookie
Response Body
application/json
application/json
curl -X GET "https://example.com/auth/oauth/tokens"{
"tokens": [
{
"id": "cc5lnd2s1s4652adtu50",
"createdAt": "2019-08-24T14:15:22Z",
"oauth_client_id": "cc5lnd2s1s4652adtu50",
"client_id": "string",
"client_name": "string",
"account_id": "cc5lnd2s1s4652adtu50",
"scope": "string",
"expires_at": "2019-08-24T14:15:22Z",
"revoked_at": "2019-08-24T14:15:22Z",
"replaced_by_token_id": "cc5lnd2s1s4652adtu50",
"last_used_at": "2019-08-24T14:15:22Z"
}
]
}{
"type": "string",
"title": "string",
"detail": "string",
"trace_id": "string",
"metadata": {}
}O Auth Refresh Token Delete DELETE
Revoke one OAuth refresh token issued to the authenticated account. This prevents future refresh-token use for the selected grant. Existing JWT access tokens remain valid until their expiry.
O Auth Remote Callback GET
Complete a remote OAuth authorization code callback. This validates the saved state, exchanges the code with PKCE, and stores returned tokens on the remote connection.