Allow Users to Review and Revoke Consent with Custom OAuth 2.0 Scopes
Administration
Okta Classic Engine
In this video, API expert Keith Casey demonstrates for admins how to write custom OAuth 2.0 scopes that allow users to review and revoke consent.


  • Protect users by ensuring they are informed about who has access to which parts of their data.
  • Allow administrators to define custom OAuth 2.0 scopes that map to permissions within their APIs.
  • Use the Okta API to view the consent information captured for each user.
  • Build custom screens that allow users to review and revoke any consent they have granted.


Best Practices
 

  • Make sure that your end-user-facing applications have clear names. "Application 1" isn't enough. Use names that are useful and meaningful so users know exactly whom they are sharing their data with.
  • Your scopes should be meaningful. Scopes called "read only" and "read write" are far more useful when the scope name says what data the application can read or write, so a user can judge the request on the consent screen.
  • Development teams and projects should include a page where users can review and revoke consent as they see fit.


FAQs
 

Q: How do I enable my branding on this page?
A:
Using our Custom URL and Custom Login page features, you can make sure your users have an experience that is consistent with your brand and exactly what they expect.
Q: How can my users revoke consent?
A:
OAuth 2.0 itself does not define a way for a user to revoke consent, but within the Okta API you can revoke a single, specific scope grant, all grants for one application, or all grants for the user. Whether you're fine-grained or broad is entirely up to you.
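The three granularities above, as an added example that is not Okta's own code. It is a small client for reviewing and revoking a user's grants through the Okta Management API; the endpoint paths follow the grant operations of the Okta Users API and should be verified against the current Okta documentation, the org URL, API token and grant records are constructed placeholders, and the HTTP transport is injectable so the demo runs offline against an in-memory fake rather than a live org.

```python
"""
Review and revoke a user's OAuth 2.0 consent grants through the Okta
Management API. Added example, not Okta's own code.

Endpoint paths assumed to follow the Okta Users API grant operations
(verify against current Okta docs before relying on them):
  GET    /api/v1/users/{userId}/grants
  GET    /api/v1/users/{userId}/clients/{clientId}/grants
  DELETE /api/v1/users/{userId}/grants/{grantId}
  DELETE /api/v1/users/{userId}/clients/{clientId}/grants
  DELETE /api/v1/users/{userId}/grants
"""
import json
import urllib.request
from typing import Callable, Tuple

Transport = Callable[[str, str, dict], Tuple[int, str]]  # (method, url, headers) -> (status, body)


def okta_transport(method: str, url: str, headers: dict) -> Tuple[int, str]:
    """Real transport: one HTTPS call authenticated with an SSWS API token (assumed)."""
    req = urllib.request.Request(url, method=method, headers=headers)
    with urllib.request.urlopen(req) as resp:
        return resp.status, resp.read().decode()


class ConsentClient:
    def __init__(self, org_url: str, api_token: str, transport: Transport = okta_transport):
        self.org_url = org_url.rstrip("/")
        self.headers = {"Authorization": f"SSWS {api_token}", "Accept": "application/json"}
        self.transport = transport

    def _call(self, method: str, path: str):
        status, body = self.transport(method, self.org_url + path, self.headers)
        if status >= 400:
            raise RuntimeError(f"{method} {path} -> HTTP {status}: {body}")
        return json.loads(body) if body else None

    def list_grants(self, user_id: str, client_id: str = None) -> list:
        """Review: every scope the user has consented to, optionally for one app only."""
        if client_id:
            return self._call("GET", f"/api/v1/users/{user_id}/clients/{client_id}/grants")
        return self._call("GET", f"/api/v1/users/{user_id}/grants")

    def revoke_grant(self, user_id: str, grant_id: str) -> None:
        """Fine-grained: revoke one scope grant."""
        self._call("DELETE", f"/api/v1/users/{user_id}/grants/{grant_id}")

    def revoke_client_grants(self, user_id: str, client_id: str) -> None:
        """Per application: revoke every scope the user granted to that client."""
        self._call("DELETE", f"/api/v1/users/{user_id}/clients/{client_id}/grants")

    def revoke_all_grants(self, user_id: str) -> None:
        """Broadest: revoke every grant the user has made to any application."""
        self._call("DELETE", f"/api/v1/users/{user_id}/grants")


class FakeOkta:
    """Constructed in-memory stand-in for the grant endpoints, used only for the demo."""

    def __init__(self, grants: list):
        self.grants = list(grants)

    def __call__(self, method: str, url: str, headers: dict) -> Tuple[int, str]:
        if not headers.get("Authorization", "").startswith("SSWS "):
            return 401, '{"errorSummary": "Invalid token"}'
        parts = url.split("/api/v1/users/", 1)[1].split("/")
        selected = [g for g in self.grants if g["userId"] == parts[0]]
        if "clients" in parts:
            client_id = parts[parts.index("clients") + 1]
            selected = [g for g in selected if g["clientId"] == client_id]
        if method == "GET":
            return 200, json.dumps(selected)
        if method == "DELETE":
            if parts[-2] == "grants":            # .../grants/{grantId}: a single grant
                selected = [g for g in selected if g["id"] == parts[-1]]
            self.grants = [g for g in self.grants if g not in selected]
            return 204, ""
        return 405, ""


SAMPLE_GRANTS = [  # constructed sample data, not real Okta identifiers
    {"id": "oag1", "userId": "00u1", "clientId": "app_payroll", "scopeId": "payroll:read"},
    {"id": "oag2", "userId": "00u1", "clientId": "app_payroll", "scopeId": "payroll:write"},
    {"id": "oag3", "userId": "00u1", "clientId": "app_calendar", "scopeId": "calendar:read"},
    {"id": "oag4", "userId": "00u2", "clientId": "app_payroll", "scopeId": "payroll:read"},
]


def scope_ids(grants: list) -> list:
    return sorted(g["scopeId"] for g in grants)


def demo() -> tuple:
    """Review, then revoke at the three granularities; returns what remains at each step."""
    client = ConsentClient("https://example.okta.com", "dummy-token", FakeOkta(SAMPLE_GRANTS))
    before = scope_ids(client.list_grants("00u1"))
    client.revoke_grant("00u1", "oag2")                               # one scope
    after_one = scope_ids(client.list_grants("00u1", "app_payroll"))
    client.revoke_client_grants("00u1", "app_payroll")                # whole application
    after_app = scope_ids(client.list_grants("00u1"))
    client.revoke_all_grants("00u1")                                  # everything
    after_all = scope_ids(client.list_grants("00u1"))
    untouched = scope_ids(client.list_grants("00u2"))                 # other users unaffected
    return before, after_one, after_app, after_all, untouched
```

A "review consent" page is list_grants rendered per application with a revoke button next to each scope; the API token used by that page is a management credential, so keep it server-side and scope the page so a user can only reach their own userId.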
Q: How does this change my application?
A:
Very minimally. When the user grants consent, the OAuth flow returns control to your application along with the authorization code or access token, just as it does now. When the user denies consent, Okta does not issue an access token and instead sends your redirect URI the standard OAuth 2.0 access_denied error with a descriptive error_description. You only have to handle that new error response.
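The granted and denied paths described above, as an added example that is not code from the original page or from Okta. It builds the authorize request that names the custom scopes, then classifies the callback as granted, denied or forged; the issuer, client_id, redirect URI, scope names and callback URLs are constructed placeholders, the authorization-code flow is assumed, and the error shape follows RFC 6749 section 4.1.2.1 (error=access_denied with an optional error_description). The state parameter is checked before anything else so that a forged callback cannot inject a code or an error into the user's session.

```python
"""
Request custom scopes and handle the user's consent decision on the
redirect URI. Added example, not from the original page or from Okta.
Assumptions: authorization-code flow; issuer, client_id, redirect_uri
and scope names are placeholders; denial arrives as error=access_denied
per RFC 6749 section 4.1.2.1.
"""
import hmac
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs


def new_state() -> str:
    """Unguessable per-request state; store it in the session before redirecting."""
    return secrets.token_urlsafe(32)


def build_authorize_url(issuer: str, client_id: str, redirect_uri: str,
                        scopes: list, state: str) -> str:
    """Authorize request naming the custom scopes the app wants consent for."""
    params = {
        "client_id": client_id,
        "response_type": "code",
        "redirect_uri": redirect_uri,
        "scope": " ".join(scopes),  # e.g. a custom "payroll:read" next to "openid"
        "state": state,
    }
    return f"{issuer}/v1/authorize?{urlencode(params)}"


def parse_callback(callback_url: str, expected_state: str) -> dict:
    """Classify the redirect as granted, denied, error or rejected (forged)."""
    params = parse_qs(urlsplit(callback_url).query)
    state = params.get("state", [None])[0]
    if state is None or not hmac.compare_digest(state.encode(), expected_state.encode()):
        # Not a user decision at all: possible CSRF or replay, discard it.
        return {"outcome": "rejected", "reason": "state mismatch"}
    if "error" in params:
        err = params["error"][0]
        desc = params.get("error_description", [""])[0]
        if err == "access_denied":
            # Consent refused: no token exists, show the user a clear message.
            return {"outcome": "denied", "reason": desc or "user declined consent"}
        return {"outcome": "error", "reason": f"{err}: {desc}".rstrip(": ")}
    if "code" in params:
        # Consent granted: exchange the code at the token endpoint as before.
        return {"outcome": "granted", "code": params["code"][0]}
    return {"outcome": "error", "reason": "callback carried neither code nor error"}


def demo() -> dict:
    """Run granted, denied and forged callbacks (constructed URLs) through parse_callback."""
    state = new_state()
    redirect = "https://app.example.com/callback"
    url = build_authorize_url("https://example.okta.com/oauth2/default", "0oaexample",
                              redirect, ["openid", "payroll:read"], state)
    assert "scope=openid+payroll%3Aread" in url
    granted = parse_callback(f"{redirect}?code=SplxlOBeZQQYbYS6WxSbIA&state={state}", state)
    denied = parse_callback(
        f"{redirect}?error=access_denied&error_description=User+denied+consent&state={state}",
        state)
    forged = parse_callback(f"{redirect}?code=attacker&state=wrong", state)
    return {"granted": granted, "denied": denied, "forged": forged}
```

Treat "denied" as a normal outcome in the UI (explain which scope was needed and let the user retry), and treat "rejected" as a security event worth logging, since a legitimate browser never returns a state the app did not issue.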

 
