ApiManagementThird party apps
GET
/v2/mgmt/thirdparty/app/load

Authorization

Descope Project ID and Management Key
AuthorizationBearer <token>

Project ID:Management Key as bearer token.

In: header

Query Parameters

id?string
clientId?string

Loads a third party application by id in the structured scope-claim mapping model, using a valid management key. Legacy attributesScopes are converted to scopeClaimMapping and returned empty.

curl -X GET "https://api.descope.com/v2/mgmt/thirdparty/app/load"
{  "app": {    "id": "string",    "name": "string",    "description": "string",    "clientId": "string",    "logo": "string",    "loginPageUrl": "string",    "approvedCallbackUrls": [      "string"    ],    "permissionsScopes": [      {        "name": "string",        "description": "string",        "optional": true,        "values": [          "string"        ]      }    ],    "dynamic": true,    "status": "string",    "logoUrl": "string",    "jwtBearerSettings": {      "issuers": {        "property1": {          "jwksUri": "string",          "signAlgorithm": "string",          "userInfoUri": "string",          "externalIdFieldName": "string"        },        "property2": {          "jwksUri": "string",          "signAlgorithm": "string",          "userInfoUri": "string",          "externalIdFieldName": "string"        }      },      "jwtBearerGrantTypeAudienceToUse": "string",      "jwtBearerGrantTypeScopeToUse": "string",      "jwtBearerGrantTypeCustomClaimsToUse": "string"    },    "sessionSettings": {      "enabled": true,      "refreshTokenExpiration": 0,      "refreshTokenExpirationUnit": "string",      "sessionTokenExpiration": 0,      "sessionTokenExpirationUnit": "string",      "userTemplateId": "string",      "keyTemplateId": "string",      "keySessionTokenExpiration": 0,      "keySessionTokenExpirationUnit": "string"    },    "nonConfidentialClient": true,    "audienceWhitelist": [      "string"    ],    "forceAddAllAuthorizationInfo": true,    "connectionsScopes": [      {        "name": "string",        "description": "string",        "optional": true,        "values": [          "string"        ]      }    ],    "defaultAudience": "string",    "skipConsentScreen": true,    "useResources": true,    "customAttributes": {      "attribute-key": "attribute-value"    },    "cibaSettings": {      "enabled": true,      "expirationTime": 0,      "expirationTimeUnit": "string",      "emailServiceProvider": "string",      "emailServiceProviderFallback": "string",      "emailServiceTemplateId": "string",      "loginPageURL": "string"    },    "jarSettings": {      "enforce": true,      "publicKey": "string",      "maxLifetimeSeconds": 0,      "fapi": true    },    "allowedTenants": [      "string"    ],    "clientType": "string",    "forcePkce": true,    "allowPartialScopes": true,    "scopeClaimMapping": [      {        "scope": "string",        "claims": {          "property1": "string",          "property2": "string"        },        "description": "string",        "useProjectMapping": true,        "mandatory": true      }    ]  }}
export interface Response {app?: {id?: stringname?: stringdescription?: stringclientId?: stringlogo?: stringloginPageUrl?: stringapprovedCallbackUrls?: string[]permissionsScopes?: {name?: stringdescription?: stringoptional?: booleanvalues?: string[]}[]dynamic?: booleanstatus?: stringlogoUrl?: stringjwtBearerSettings?: {issuers?: {[k: string]: IssuerSettings}jwtBearerGrantTypeAudienceToUse?: stringjwtBearerGrantTypeScopeToUse?: stringjwtBearerGrantTypeCustomClaimsToUse?: string}sessionSettings?: {enabled?: booleanrefreshTokenExpiration?: numberrefreshTokenExpirationUnit?: stringsessionTokenExpiration?: numbersessionTokenExpirationUnit?: stringuserTemplateId?: stringkeyTemplateId?: stringkeySessionTokenExpiration?: numberkeySessionTokenExpirationUnit?: string}nonConfidentialClient?: booleanaudienceWhitelist?: string[]forceAddAllAuthorizationInfo?: booleanconnectionsScopes?: {name?: stringdescription?: stringoptional?: booleanvalues?: string[]}[]defaultAudience?: stringskipConsentScreen?: booleanuseResources?: boolean/** * Custom attributes as key-value pairs. Keys must be strings; values can be strings, numbers, booleans, or arrays. */customAttributes?: {[k: string]: string}cibaSettings?: ThirdPartyApplicationCIBASettings/** * JAR (JWT-Secured Authorization Request, RFC 9101) settings for Third Party Applications */jarSettings?: {enforce?: booleanpublicKey?: stringmaxLifetimeSeconds?: numberfapi?: boolean}allowedTenants?: string[]clientType?: stringforcePkce?: booleanallowPartialScopes?: booleanscopeClaimMapping?: {scope?: string/** * claims is consulted only when useProjectMapping is false. When useProjectMapping is true, *  the project-wide mapping's entry for `scope` provides the claims and this field is ignored. */claims?: {[k: string]: string}description?: string/** * useProjectMapping, when true, reuses the project-wide ScopeClaimMapping's entry for this *  scope (the app's `claims` field is ignored). Default false uses the app's own `claims`. */useProjectMapping?: boolean/** * mandatory, when true, means the scope is always granted and cannot be deselected by the *  user on the consent screen. Mirrors the inverse of the legacy ApplicationScope.optional. */mandatory?: boolean}[]}}export interface IssuerSettings {jwksUri?: stringsignAlgorithm?: stringuserInfoUri?: stringexternalIdFieldName?: string}export interface ThirdPartyApplicationCIBASettings {enabled?: booleanexpirationTime?: numberexpirationTimeUnit?: stringemailServiceProvider?: stringemailServiceProviderFallback?: stringemailServiceTemplateId?: stringloginPageURL?: string}
Was this helpful?