Hey everyone,
I’m hitting a bit of a wall with the CX-as-Code provider again. We’ve got about 60 OAuth clients scattered across three divisions, and I need to write a Terraform script that audits their scope assignments. The goal is to ensure every client has the oauth:client:read and oauth:client:write scopes, plus a few custom ones we defined for our internal tools.
The problem is, the standard GET /api/v2/oauth/clients endpoint only returns the basic info. Name, client ID, redirect URIs, that stuff. It doesn’t give me the scopes. I tried adding the expand=permissions query parameter like the docs suggest for other resources, but it just ignores it. The response payload stays exactly the same.
Here’s what I’m getting back:
[
{
"id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
"name": "Internal Analytics Tool",
"client_id": "some-client-id",
"redirect_uris": ["https://example.com/callback"],
"grant_types": ["client_credentials"],
"division_id": "default"
}
]
No scopes. Nada.
I know I can hit GET /api/v2/oauth/clients/{id} for each one individually, but that’s 60 separate API calls. It feels inefficient, and Terraform’s for_each loop is going to make the plan phase take forever if I have to do that. Plus, the provider’s genesyscloud_oauth_client data source seems to rely on this list endpoint.
Is there a way to bulk-fetch the scopes? Or am I stuck writing a pre-plan script in Python to fetch each client’s details and export a JSON file for Terraform to consume? I’ve checked the Swagger docs, and there’s no obvious “list clients with scopes” endpoint.
Anyone else run into this when trying to automate OAuth client management? The state drift is already a mess because we manually created these clients years ago, and now we’re trying to bring them under IaC control. It’s frustrating that the list endpoint is so limited.