Here’s the response I’m getting from GET /api/v2/oauth/clients using the Python SDK:
{
"id": "client-123",
"name": "Integration Bot",
"description": "Test client",
"redirectUri": "https://example.com/callback"
}
I need to programmatically verify the scopes assigned to these clients. The goal is to build a script that iterates through all OAuth clients in the org and flags any that have admin:all or other overly permissive scopes.
The list endpoint doesn’t seem to return the scopes array. I’ve tried adding ?expand=scopes to the query string, but the SDK doesn’t expose that parameter in the list_oauth_clients method. I also checked the raw HTTP request and the response is still missing the scope data.
Is there a separate endpoint I need to hit for each client ID? Or is there a way to force the SDK to include the scopes in the initial list call? I’ve looked at the OpenAPI spec but it’s not clear if the expansion is supported for this resource.
Any ideas on how to fetch the scope assignments without making N+1 calls?