ApiManagementThird party apps
POST
/v2/mgmt/thirdparty/app/patch

Authorization

Descope Project ID and Management Key
AuthorizationBearer <token>

Project ID:Management Key as bearer token.

In: header

Request Body

application/json

id?string
name?string
description?string
logo?string
loginPageUrl?string
approvedCallbackUrls?array<string>
string
permissionsScopes?array<managementv1.ApplicationScope>
logoUrl?string
jwtBearerSettings?object
sessionSettings?object
audienceWhitelist?array<string>
string
forceAddAllAuthorizationInfo?boolean
connectionsScopes?array<managementv1.ApplicationScope>
defaultAudience?string
customAttributes?object

Custom attributes as key-value pairs. Keys must be strings; values can be strings, numbers, booleans, or arrays.

Example{ "attribute-key": "attribute-value" }
cibaSettings?object
jarSettings?object

JAR (JWT-Secured Authorization Request, RFC 9101) settings for Third Party Applications

allowedTenants?array<string>
string
clientType?string
clientCredentialsDisabled?boolean
jwtBearerDisabled?boolean
cibaEnabled?boolean
forcePkce?boolean
allowPartialScopes?boolean
scopeClaimMapping?array<AppScopeClaimMappingEntry>

scopeClaimMapping replaces the stored mapping when provided; when absent the existing mapping is preserved. Either way the legacy attributesScopes are cleared (v2 write-replace).

Patch a third party application using the structured scope-claim mapping model, using a valid management key. Only the fields present in the request change; the legacy attributesScopes field is cleared.

curl -X POST "https://api.descope.com/v2/mgmt/thirdparty/app/patch" \  -H "Content-Type: application/json" \  -d '{}'
Was this helpful?