Get User Provider Token | API Reference | Descope Documentation

API ReferenceManagementUsers

Authorization

Descope Project ID and Management Key

AuthorizationBearer <token>

Project ID:Management Key as bearer token.

In: header

Query Parameters

loginId?string

provider?string

withRefreshToken?boolean

forceRefresh?boolean

Get an existing user's provider token, using a valid management key.

This API endpoint will loads the user's access token generated by the OAuth/OIDC provider, using a valid management key. When querying for OAuth providers, this only applies when utilizing your own account with the provider and have selected Manage tokens from provider selected under the social auth methods.

Query Params

loginId - The loginId of the user you want to get the provider token for.
provider - The provider you want to get the token for.
withRefreshToken (optional) - set to true to also return the refresh token.
forceRefresh (optional) - set to true to force a refresh of the token.

See also

See Manage Users for further details on managing users.
See The User Object for further details on the user object.
See Provider Options for a the out of the box list of providers.

curl -X GET "https://api.descope.com/v1/mgmt/user/provider/token"

ResponseOK

{  "provider": "string",  "providerUserId": "string",  "accessToken": "string",  "expiration": 0,  "scopes": [    "string"  ],  "refreshToken": "string"}

TypeScript

export interface Response {provider?: stringproviderUserId?: stringaccessToken?: stringexpiration?: numberscopes?: string[]refreshToken?: string}

Was this helpful?

Ask AI about this page

Load User GET

### Load a user's data, using a valid management key. This API endpoint takes the user's loginId and then returns details of a user utilizing a valid management key. The response includes the following; however, there are additional items in the response that you can see below by expanding the response 200 OK. - loginIds - userId - name - email - phone - verified settings (phone, email) - Tenant configurations - which tenantIds, which roleNames _Note: Suppose you frequently load a user for a specific user detail, such as their email address or a particular custom attribute. In that case, you can save execution time and additional API/SDK calls to load the user by adding the items to the custom claim. For details on adding items to the custom claims, see [this documentation](/security-best-practices/custom-claims#using-custom-claims-within-descope-flows)._ _Note: If you have access to all federated applications, the list will return as an empty array. Descope allows you to restrict which apps each user has access to, but by default gives access to all applications._ ### Next Steps Once you have this data, you can utilize the response to prepare the payload to perform an [Update](/api/management/users/update-user) on the user. ### See also - See [Manage Users](/manage/users) for further details on managing users. - See [The User Object](/api/overview#the-user-object) for further details on the user object.

Search Users POST

Search users, using a valid management key.