How should I properly list all OAuth clients in an org and check their scope assignments programmatically?
Background
I am building an audit script using the Python SDK to verify least-privilege compliance across client applications. I need to iterate through every registered client and inspect their assigned scopes.
Issue
The oauth_api.get_oauth_client(client_id) endpoint requires a specific client_id. There is no apparent list_oauth_clients method in the SDK. Calling oauth_api.get_oauth_clients() returns a 403 Forbidden error despite using an admin token with oauth:client:read.
Troubleshooting
- Verified token has oauth:client:read and admin scopes.
- Checked API docs; no bulk retrieval endpoint listed under /api/v2/oauth/clients.
- Attempted to guess IDs via sequential integers; rate-limited after 50 attempts.
Is there a hidden bulk endpoint or do I need to query the internal database directly?