Get permissions associated with an access token.

GET https://api.iot.telenor.com/identity-access-management/token-permissions

Returns authorization-related information for the specified access token. This endpoint can be used by authorizers to determine whether a user is allowed to access an API. It can also be used by GUI portals to improve the user experience by hiding pages and buttons the user is not allowed to access.

REST API authorizers should make use of the permissions property, which contains permissions grouped by resources. API authorizers must find the permissions associated with their resource and check for the presence of any required permissions when authorizing users. Permissions belonging to other resources should be discarded.

The solutions property determines which solutions a user has access to and depends on which domain the user belongs to. REST API authorizers may combine specific permissions with solutions when determining whether a user is allowed to access an endpoint or not.

GUI portal implementations wishing to provide better UX can use values present in solutions, roles, and/or accessRights to lock down functionality and hide content the user is not allowed to view. Note that this should be viewed as a UX improvement and NOT a substitute for API authorization checks. An API must always implement authorization checks based on which permissions a user has.

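Caching this response is encouraged, but only for a short time, because a cached response stays in effect after the token has been revoked or the user's permissions have changed. Refer to relevant security guidelines when determining cache time-to-live.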

If the token is invalid (e.g. if it has been revoked or expired) then a 401 response will be returned.
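The authorizer behaviour described above, as an added Python example that is not part of the original documentation: it checks only the API's own resource entry, denies on missing or malformed data, and caches responses briefly. The resource keys, role, access right and solution names in the sample, the injected `fetch` callable and the 60-second TTL are assumptions.

```python
import hashlib
import time

# Constructed sample of a token-permissions response body. The resource keys
# ("domains", "devices") are assumptions; only "domains-read" is from the page.
SAMPLE = {
    "domainId": "abcd1234-efgh1234",
    "roles": ["operator"],
    "accessRights": ["portal-view"],
    "solutions": ["solution-a"],
    "permissions": {"domains": ["domains-read"], "devices": ["devices-write"]},
}


def is_authorized(body, resource, required, solution=None):
    """Fail-closed check that looks only at this API's own resource entry."""
    perms = body.get("permissions") if isinstance(body, dict) else None
    granted = perms.get(resource) if isinstance(perms, dict) else None
    if not isinstance(granted, list):
        return False  # resource missing or malformed: deny
    # Permissions listed under other resources are never consulted.
    if not set(required) <= {p for p in granted if isinstance(p, str)}:
        return False
    if solution is not None:  # optional extra condition on "solutions"
        solutions = body.get("solutions")
        return isinstance(solutions, list) and solution in solutions
    return True


class PermissionCache:
    """Short-lived cache keyed by a hash of the token, never the token itself."""

    def __init__(self, fetch, ttl_seconds=60, clock=time.monotonic):
        # fetch(token) is a hypothetical callable that calls the endpoint and
        # returns the parsed body, or None when the endpoint answers 401.
        self._fetch, self._ttl, self._clock = fetch, ttl_seconds, clock
        self._entries = {}

    def get(self, token):
        key = hashlib.sha256(token.encode()).hexdigest()
        hit = self._entries.get(key)
        if hit and self._clock() < hit[0]:
            return hit[1]
        body = self._fetch(token)
        if body is None:  # invalid token: drop any stale entry and deny
            self._entries.pop(key, None)
            return None
        self._entries[key] = (self._clock() + self._ttl, body)
        return body
```

`is_authorized` also returns `False` when handed the `None` that the cache returns for an invalid token, so a 401 from the endpoint always results in a denial.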

Responses

Contains all kinds of permissions associated with the access token.

Schema
    domainId (domainIdDefinition, string, required)

    Hierarchical identifier for a domain. Used to identify which domain a user belongs to and whether a user has access to a domain.

    Example: abcd1234-efgh1234

    roles (roleNameDefinition, string[], required)

    Contains a list of roles. Only the role's name is displayed.

    accessRights (accessRightNameDefinition, string[], required)

    Contains a list of access rights. Only the access right's name is listed.

    solutions (solutionName, string[], required)

    Contains a list of solutions.

    permissions (object, required)

    Permissions sorted by the resource they belong to.

    property name* (permissionsDefinition, string[])

    List of permissions. Only the permission's name is listed.

    Each array item is a string: the name of the permission.

    Example: domains-read

Authorization: oauth2

name: oAuth2
type: oauth2
scopes: openid
flows: {
  "authorizationCode": {
    "tokenUrl": "/auth/realms/telenor-iot/protocol/openid-connect/token",
    "authorizationUrl": "/auth/realms/telenor-iot/protocol/openid-connect/auth",
    "scopes": {
      "openid": "openid"
    }
  },
  "clientCredentials": {
    "tokenUrl": "/auth/realms/telenor-iot/protocol/openid-connect/token",
    "scopes": {
      "openid": "openid"
    }
  }
}

using System;
using System.Net.Http;

// Request the permissions associated with the bearer token.
var client = new HttpClient();
var request = new HttpRequestMessage(HttpMethod.Get, "https://api.iot.telenor.com/identity-access-management/token-permissions");
request.Headers.Add("Accept", "application/json");
request.Headers.Add("Authorization", "Bearer <token>");
var response = await client.SendAsync(request);
// Throws HttpRequestException on a non-success status, including the 401 returned for an invalid token.
response.EnsureSuccessStatusCode();
Console.WriteLine(await response.Content.ReadAsStringAsync());