Authorization
Descope Project ID and Management Key Project ID:Management Key as bearer token.
In: header
Query Parameters
Get an existing user's provider token, using a valid management key.
This API endpoint will loads the user's access token generated by the OAuth/OIDC provider, using a valid management key. When querying for OAuth providers, this only applies when utilizing your own account with the provider and have selected Manage tokens from provider selected under the social auth methods.
Query Params
loginId- The loginId of the user you want to get the provider token for.provider- The provider you want to get the token for.withRefreshToken (optional)- set to true to also return the refresh token.forceRefresh (optional)- set to true to force a refresh of the token.
See also
- See Manage Users for further details on managing users.
- See The User Object for further details on the user object.
- See Provider Options for a the out of the box list of providers.
curl -X GET "https://api.descope.com/v1/mgmt/user/provider/token"{ "provider": "string", "providerUserId": "string", "accessToken": "string", "expiration": 0, "scopes": [ "string" ], "refreshToken": "string"}export interface Response {provider?: stringproviderUserId?: stringaccessToken?: stringexpiration?: numberscopes?: string[]refreshToken?: string}Load User GET
### Load a user's data, using a valid management key. This API endpoint takes the user's loginId and then returns details of a user utilizing a valid management key. The response includes the following; however, there are additional items in the response that you can see below by expanding the response 200 OK. - loginIds - userId - name - email - phone - verified settings (phone, email) - Tenant configurations - which tenantIds, which roleNames _Note: Suppose you frequently load a user for a specific user detail, such as their email address or a particular custom attribute. In that case, you can save execution time and additional API/SDK calls to load the user by adding the items to the custom claim. For details on adding items to the custom claims, see [this documentation](/security-best-practices/custom-claims#using-custom-claims-within-descope-flows)._ _Note: If you have access to all federated applications, the list will return as an empty array. Descope allows you to restrict which apps each user has access to, but by default gives access to all applications._ ### Next Steps Once you have this data, you can utilize the response to prepare the payload to perform an [Update](/api/management/users/update-user) on the user. ### See also - See [Manage Users](/manage/users) for further details on managing users. - See [The User Object](/api/overview#the-user-object) for further details on the user object.
Search Users POST
### Search for users, using a valid management key. This API endpoint will search for users utilizing a valid management key. Searches can be defined with any combination of roles or tenants. You can also only send the request with an empty payload to return all users. The response will include the following details on all users within an array of objects: - loginIds - userId - name - email - phone - verified settings (phone, email) - Tenant configurations (tenantIds, roleNames) ### Next Steps You can then parse through the response in order to find any users which you may need to delete, update, etc. ### See also - See [Manage Users](/manage/users) for further details on managing users. - See [The User Object](/api/overview#the-user-object) for further details on the user object.