
OAuth Application Management

Introduction

OAuth Applications provide a secure framework for delegating access to your profile without sharing your credentials. When you grant access through an OAuth Application, you maintain control over what actions can be performed and can track who is acting on your behalf.

Why Use OAuth Applications?

Identity and Accountability

Without OAuth Applications, sharing your authorization token means anyone with that token can act as you with full access to your profile. This creates two critical problems:
  • Lack of attribution: You cannot distinguish which third party performed which actions
  • Unrestricted access: The token holder has complete access to all your profile capabilities

OAuth Applications solve these issues by creating distinct identities for each third-party integration.

Scoped Permissions

OAuth Applications can be configured with specific scopes that limit what actions the application can perform. This principle of least privilege ensures that third parties only have access to the features they genuinely need, reducing the security risk if a token is compromised.

Token Lifecycle Control

Each OAuth Application maintains its own tokens, separate from your primary profile token. This allows you to:
  • Revoke access to specific applications without affecting others
  • Monitor token usage per application
  • Set different expiration policies for different integrations

How OAuth Applications Work

  1. Register Application: Create an OAuth Application with a name and required scopes
  2. Request Authorization: The application requests an authorization code from your profile
  3. Exchange Code for Token: The authorization code is exchanged for an access token
  4. Use Scoped Token: The application uses the token to perform actions within its defined scope
  5. Refresh Token: When the token expires, refresh it to maintain access without re-authorization
  6. Manage Applications: View all registered applications and revoke access as needed
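
The workflow above as an in-memory model, added here as an example and not taken from Privicore's code or API: it shows per-application attribution, scope enforcement and selective revocation. Class, method and scope names are hypothetical, single-use authorization codes are an assumption, and token refresh is not modelled.

```python
import secrets
import time


class OAuthModel:
    """In-memory model of the workflow (hypothetical, not the Privicore API)."""

    def __init__(self):
        self.apps = {}    # app_id -> scopes granted at registration
        self.codes = {}   # one-time authorization code -> app_id
        self.tokens = {}  # access token -> (app_id, expiry timestamp)
        self.audit = []   # (app_id, action, allowed): who did what

    def register_app(self, name, scopes):
        # Step 1: each integration gets its own identity and scope set.
        app_id = f"{name}-{secrets.token_hex(4)}"
        self.apps[app_id] = frozenset(scopes)
        return app_id

    def request_code(self, app_id):
        # Step 2: only a registered application can obtain a code.
        if app_id not in self.apps:
            raise KeyError("unknown application")
        code = secrets.token_urlsafe(16)
        self.codes[code] = app_id
        return code

    def exchange_code(self, code, ttl=3600):
        # Step 3: pop() makes the code single-use (assumption, see lead-in).
        app_id = self.codes.pop(code, None)
        if app_id is None or app_id not in self.apps:
            raise PermissionError("invalid or already used code")
        token = secrets.token_urlsafe(32)
        self.tokens[token] = (app_id, time.time() + ttl)
        return token

    def perform(self, token, action):
        # Step 4: the token must be known, unexpired and scoped for the action.
        app_id, expiry = self.tokens.get(token, (None, 0.0))
        allowed = (app_id in self.apps and time.time() < expiry
                   and action in self.apps[app_id])
        self.audit.append((app_id, action, allowed))  # attribution record
        return allowed

    def revoke_app(self, app_id):
        # Step 6: drop one application and its tokens; others are untouched.
        self.apps.pop(app_id, None)
        self.tokens = {t: v for t, v in self.tokens.items() if v[0] != app_id}
```
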

Key Benefits

  • Granular access control through scope-based permissions
  • Audit trail showing which application performed which actions
  • Selective revocation without disrupting other integrations
  • Security isolation between different third-party services

OAuth Application Workflow

Profile → Register OAuth App → Configure Scopes
                    ↓
Third Party → Request Authorization Code
                    ↓
Exchange Code → Obtain Access Token
                    ↓
Use Token → Perform Scoped Actions
                    ↓
Token Expires → Refresh Token (optional)
Modified at 2025-12-02 17:24:04