wxc_sdk.authorizations package

Bases: ApiModel

id: str | None: The unique authorization identifier.

application_id: str | None: The unique identifier for the application.

application_name: str | None: The name of the Integration.

client_id: str | None: The unique oAuth client id.

created: datetime | None: The date and time the authorization was created.

type: AuthorizationType | None: The type of token associated with the authorization.

person_id: str | None

class wxc_sdk.authorizations.AuthorizationType(value=<no_arg>, names=None, module=None, qualname=None, type=None, start=1, boundary=None)[source]

Bases: str, SafeEnum

The type of token associated with the authorization.

refresh = 'refresh': refresh authorization used to create access tokens

access = 'access': access token authorization

class wxc_sdk.authorizations.AuthorizationsApi(*, session: RestSession, base: str | None = None)[source]

Bases: ApiChild

Authorizations are user grants to applications to act on the user’s behalf. Authorizations are how Integrations get authorized with specific access scopes in the oAuth client life-cycle. Integrations and some of the Webex service portals, like developer.webex.com, are all oAuth clients, each with their unique clientId.

Your application receives an API access token and a refresh token through the oAuth process. The access token is used to call Webex APIs for which the user authorized the scopes. Access tokens expire fairly frequently, while refresh tokens (when being regularly used) will be refreshed to last forever (see Using the Refresh Token for details).

In this API an authorization is synonymous with an API access token.

To provide admins with fine-grained token management control, you use the /authorizations API with the DELETE HTTP method to revoke access and refresh tokens.

Deleting a refresh token will revoke all associated access tokens as well. Deleting an access token will revoke the developers ability to call the APIs with it. Webex subsystems may cache the validity of the token for a short while longer after the authorization was deleted.

Admins can revoke user authorizations for users in their organization. When an admin deletes their own token, the clientId used to authorize the request must match the clientId used to generate the token.

To use the authorizations API in an Integration the scopes must include: identity:tokens_write, identity:tokens_read.

list(person_id: str | None = None, person_email: str | None = None) → list[Authorization][source]

Lists all authorizations for a user. Either personId or personEmail must be provided. This API does not support pagination.

Parameters:

person_id – List authorizations for this user id.
person_email – List authorizations for this user email.

Returns:

List of Authorizations

delete(authorization_id: str | None = None, client_id: str | None = None, org_id: str | None = None)[source]

Deletes an authorization, by authorization ID or client ID and org ID.

Specify the authorization Id in the authorizationId parameter in the URI which was listed in the list resource. The client_id parameter can be combined with org_id.

Parameters:

authorization_id (str) – The unique identifier for the authorization
client_id (str) – The unique oAuth client id.
org_id (str) – The ID of the organization. If no orgId is specified, use orgId from the OAuth token.

base = 'authorizations'