We’re trying to audit our OAuth client configurations across the organization. The goal is to list every existing client and programmatically verify that their assigned scopes match our baseline security policy. Currently, we are using the Genesys Cloud Terraform provider, but it doesn’t seem to have a data source that returns a flat list of all OAuth clients with their detailed scope arrays in a queryable format.
We attempted to hit the Admin API directly using GET /api/v2/admin/oauth/clients. The endpoint returns a list of clients, but the response payload is surprisingly sparse. It includes the id, name, and client_secret, but it completely omits the scopes array. To get the scopes, we would need to make a separate GET /api/v2/admin/oauth/clients/{id} call for every single client returned.
Here is the structure we are seeing in the list response:
[
  {
    "id": "a1b2c3d4-...",
    "name": "MyApp Client",
    "client_secret": "***",
    "created_date": "2023-01-01T00:00:00.000Z"
  }
]
Is there a more efficient way to fetch the scopes without chaining N+1 API calls? We are worried about hitting rate limits if we have hundreds of clients. Also, is there a way to filter by scope directly in the query parameters? We’ve tried adding ?scopes=oauth:client:view but it doesn’t seem to filter the list, just the access token permissions. Any guidance on the best practice for this audit script would be appreciated.
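One way to structure the audit described in this post, as an added example that is not part of the original post and is not Genesys code: it walks the sparse list, makes the per-client detail call at a fixed pace, and reports scopes outside a baseline. The function names, the baseline set, the `example:*` scopes and the sample data are constructed assumptions; `list_clients` and `get_client` stand in for the two endpoints named above.

```python
import time

# Constructed baseline; only "oauth:client:view" appears in the post.
BASELINE = {"oauth:client:view", "example:read"}

def audit_clients(list_clients, get_client, baseline=BASELINE,
                  min_interval=0.0, sleep=time.sleep):
    """Return findings for clients whose scopes exceed the baseline.

    list_clients(): the sparse list call (only "id" and "name" are read,
    so client_secret is never copied into the report).
    get_client(id): the per-client detail call, assumed to carry "scopes".
    min_interval: seconds to wait between detail calls (client-side pacing).
    """
    findings = {}
    for i, summary in enumerate(list_clients()):
        if i and min_interval:
            sleep(min_interval)
        cid, name = summary["id"], summary.get("name")
        try:
            scopes = get_client(cid)["scopes"]
        except Exception as exc:
            # An unreadable client is reported, never silently passed.
            findings[cid] = {"name": name, "extra": [], "error": repr(exc)}
            continue
        extra = sorted(set(scopes) - set(baseline))
        if extra:
            findings[cid] = {"name": name, "extra": extra, "error": None}
    return findings

# Constructed sample data standing in for the two API responses.
SAMPLE_DETAILS = {
    "client-a": {"scopes": ["oauth:client:view"]},
    "client-b": {"scopes": ["oauth:client:view", "example:write"]},
    "client-c": {},  # detail response without a scopes array
}

def sample_list():
    return [{"id": cid, "name": cid.upper(), "client_secret": "***"}
            for cid in SAMPLE_DETAILS]

def sample_get(cid):
    return SAMPLE_DETAILS[cid]

if __name__ == "__main__":
    for cid, finding in audit_clients(sample_list, sample_get).items():
        print(cid, finding)
```

Passing the two fetchers in as callables keeps the policy check testable offline and independent of whichever HTTP client or SDK makes the real requests.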