ApiManagementThird party apps
GET
/v2/mgmt/thirdparty/app/loadAuthorization
Descope Project ID and Management Key AuthorizationBearer <token>
Project ID:Management Key as bearer token.
In: header
Query Parameters
id?string
clientId?string
Loads a third party application by id in the structured scope-claim mapping model, using a valid management key. Legacy attributesScopes are converted to scopeClaimMapping and returned empty.
curl -X GET "https://api.descope.com/v2/mgmt/thirdparty/app/load"{ "app": { "id": "string", "name": "string", "description": "string", "clientId": "string", "logo": "string", "loginPageUrl": "string", "approvedCallbackUrls": [ "string" ], "permissionsScopes": [ { "name": "string", "description": "string", "optional": true, "values": [ "string" ] } ], "dynamic": true, "status": "string", "logoUrl": "string", "jwtBearerSettings": { "issuers": { "property1": { "jwksUri": "string", "signAlgorithm": "string", "userInfoUri": "string", "externalIdFieldName": "string" }, "property2": { "jwksUri": "string", "signAlgorithm": "string", "userInfoUri": "string", "externalIdFieldName": "string" } }, "jwtBearerGrantTypeAudienceToUse": "string", "jwtBearerGrantTypeScopeToUse": "string", "jwtBearerGrantTypeCustomClaimsToUse": "string" }, "sessionSettings": { "enabled": true, "refreshTokenExpiration": 0, "refreshTokenExpirationUnit": "string", "sessionTokenExpiration": 0, "sessionTokenExpirationUnit": "string", "userTemplateId": "string", "keyTemplateId": "string", "keySessionTokenExpiration": 0, "keySessionTokenExpirationUnit": "string" }, "nonConfidentialClient": true, "audienceWhitelist": [ "string" ], "forceAddAllAuthorizationInfo": true, "connectionsScopes": [ { "name": "string", "description": "string", "optional": true, "values": [ "string" ] } ], "defaultAudience": "string", "skipConsentScreen": true, "useResources": true, "customAttributes": { "attribute-key": "attribute-value" }, "cibaSettings": { "enabled": true, "expirationTime": 0, "expirationTimeUnit": "string", "emailServiceProvider": "string", "emailServiceProviderFallback": "string", "emailServiceTemplateId": "string", "loginPageURL": "string" }, "jarSettings": { "enforce": true, "publicKey": "string", "maxLifetimeSeconds": 0, "fapi": true }, "allowedTenants": [ "string" ], "clientType": "string", "forcePkce": true, "allowPartialScopes": true, "scopeClaimMapping": [ { "scope": "string", "claims": { "property1": "string", "property2": "string" }, "description": "string", "useProjectMapping": true, "mandatory": true } ] }}export interface Response {app?: {id?: stringname?: stringdescription?: stringclientId?: stringlogo?: stringloginPageUrl?: stringapprovedCallbackUrls?: string[]permissionsScopes?: {name?: stringdescription?: stringoptional?: booleanvalues?: string[]}[]dynamic?: booleanstatus?: stringlogoUrl?: stringjwtBearerSettings?: {issuers?: {[k: string]: IssuerSettings}jwtBearerGrantTypeAudienceToUse?: stringjwtBearerGrantTypeScopeToUse?: stringjwtBearerGrantTypeCustomClaimsToUse?: string}sessionSettings?: {enabled?: booleanrefreshTokenExpiration?: numberrefreshTokenExpirationUnit?: stringsessionTokenExpiration?: numbersessionTokenExpirationUnit?: stringuserTemplateId?: stringkeyTemplateId?: stringkeySessionTokenExpiration?: numberkeySessionTokenExpirationUnit?: string}nonConfidentialClient?: booleanaudienceWhitelist?: string[]forceAddAllAuthorizationInfo?: booleanconnectionsScopes?: {name?: stringdescription?: stringoptional?: booleanvalues?: string[]}[]defaultAudience?: stringskipConsentScreen?: booleanuseResources?: boolean/** * Custom attributes as key-value pairs. Keys must be strings; values can be strings, numbers, booleans, or arrays. */customAttributes?: {[k: string]: string}cibaSettings?: ThirdPartyApplicationCIBASettings/** * JAR (JWT-Secured Authorization Request, RFC 9101) settings for Third Party Applications */jarSettings?: {enforce?: booleanpublicKey?: stringmaxLifetimeSeconds?: numberfapi?: boolean}allowedTenants?: string[]clientType?: stringforcePkce?: booleanallowPartialScopes?: booleanscopeClaimMapping?: {scope?: string/** * claims is consulted only when useProjectMapping is false. When useProjectMapping is true, * the project-wide mapping's entry for `scope` provides the claims and this field is ignored. */claims?: {[k: string]: string}description?: string/** * useProjectMapping, when true, reuses the project-wide ScopeClaimMapping's entry for this * scope (the app's `claims` field is ignored). Default false uses the app's own `claims`. */useProjectMapping?: boolean/** * mandatory, when true, means the scope is always granted and cannot be deselected by the * user on the consent screen. Mirrors the inverse of the legacy ApplicationScope.optional. */mandatory?: boolean}[]}}export interface IssuerSettings {jwksUri?: stringsignAlgorithm?: stringuserInfoUri?: stringexternalIdFieldName?: string}export interface ThirdPartyApplicationCIBASettings {enabled?: booleanexpirationTime?: numberexpirationTimeUnit?: stringemailServiceProvider?: stringemailServiceProviderFallback?: stringemailServiceTemplateId?: stringloginPageURL?: string} Was this helpful?