<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeCommunityForum
0D54z0000AIbpfnCQBOkta Classic EngineAPI Access ManagementAnswered2024-12-18T15:43:25.000Z2024-12-12T13:25:14.000Z2024-12-18T15:43:25.000Z

DonaldS.01884 (Customer) asked a question.

December 12, 2024 at 1:25 PM
Application grants endpoint /api/v1/apps/{appId}/grants responding with 404

Hello,

 

while working with /api/v1/apps/{appId}/grants I noticed that for some apps for which grants (scopes) cannot be given the API responds with 404. I would like to avoid making redundant API calls, meaning not calling for grants for apps which cannot have grants. The question is how do I distinguish the ones which can have grants from the ones that cannot? I checked the API documentation but did not find any info regarding that topic. I hope there is a param or a field in apps API response (/api/v1/apps) that will help me filter them and retrieve the ones for which I can call for grants.

 

/help/servlet/rtaImage?refid=0EM4z000007Ion4

/help/servlet/rtaImage?refid=0EM4z000007Ion9

 

Thanks in advance!

  • 2 answers
  • 225 views

  • TimL.58332 (Workflows)

    @DonaldS.01884 (Customer)​ - So assuming my understanding is correct. Which is if you navigate in the Admin UI to applications>applications and look at the different applications there will be apps with a "Scopes" tab and those without. The ones without cannot have grant's because they don't deal in scopes hence the 404.

     

    Looking at the API documentation there doesn't appear to be a method to filter/search a list of apps via "signOnMode". Apps with a signOnMode of OPENID_CONNECT will result in success on the /grants calls. However, one with BROWSER_PLUGIN will result in a 404.

     

    So my only recommendation would be to not-process the signOnMode(s) you know will result in a 404. Either filter them out of your list/array to be processed. Or evaluate them prior to making the call and stop processing if it isn't a signOnMode type that will result in success.

    Expand Post

  • DonaldS.01884 (Customer)

    Hello, thank you! It works just fine, though I still would really appreciate this (for which apps an endpoint works) being mentioned somewhere in the API documentation :).

     

    Now I noticed I have a similar problem with `/api/v1/apps/{appId}/sso/saml/metadata` endpoint. It responds with 404 for some apps, not with 200 and an empty response. And I cannot find any dependence between this fact and the fields in the app json from apps endpoint. So again, how do I filter the apps here to get only ones for which the saml endpoint will respond with 200?

     

    (should I perhaps create new topic as it relates to an other endpoint?)

    Expand Post
This question is closed.
Loading
Application grants endpoint /api/v1/apps/{appId}/grants responding with 404