Trying to audit our OAuth clients programmatically before rolling out a new integration. The goal is simple: list all clients in the org and verify their assigned scopes via code, rather than clicking through the admin UI for fifty different apps. I’m using the Genesys Cloud Python SDK. The call to oauth_api.list_oauth_clients() works fine and returns a 200 OK. I get the client ID, name, and redirect URIs. But the scopes field in the JSON response is always an empty array [] for every client, even those I know have admin:users:view or :queue:view.
Here’s the snippet I’m running:
from genesyscloud.rest import Configuration
from genesyscloud.oauth_api import OAuthApi
config = Configuration(...)
api_instance = OAuthApi(api_client=ApiClient(config))
try:
result = api_instance.list_oauth_clients()
for client in result.entities:
print(f"Client: {client.name}, Scopes: {client.scopes}")
except ApiException as e:
print("Exception: %s\n" % e)
The output is consistently Scopes: []. I checked the Genesys Cloud UI, and the client definitely has scopes assigned. I’m logged in as a super admin with full OAuth management rights. Is there a separate endpoint to fetch the scope details? Or does the list_oauth_clients endpoint require a specific query parameter to expand the scope objects? The documentation for /api/v2/oauth/clients mentions returning a OAuthClientEntity list, but doesn’t explicitly state if scopes are included in the default projection. I’ve tried adding expand=scopes to the query string, but that just returns a 400 Bad Request saying the parameter is invalid. Feels like I’m missing a basic auth step or the SDK is stripping the data. Need this to automate our compliance checks.