:doc:`SSOAdmin <../../sso-admin>` / Client / list_application_grants

***********************
list_application_grants
***********************



.. py:method:: SSOAdmin.Client.list_application_grants(**kwargs)

  

  List the grants associated with an application.

  

  See also: `AWS API Documentation <https://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/ListApplicationGrants>`_  


  **Request Syntax**
  ::

    response = client.list_application_grants(
        ApplicationArn='string',
        NextToken='string'
    )
    
  :type ApplicationArn: string
  :param ApplicationArn: **[REQUIRED]** 

    Specifies the ARN of the application whose grants you want to list.

    

  
  :type NextToken: string
  :param NextToken: 

    Specifies that you want to receive the next page of results. Valid only if you received a ``NextToken`` response in the previous request. If you did, it indicates that more output is available. Set this parameter to the value provided by the previous call's ``NextToken`` response to request the next page of results.

    

  
  
  :rtype: dict
  :returns: 
    
    **Response Syntax**

    
    ::

      {
          'Grants': [
              {
                  'GrantType': 'authorization_code'|'refresh_token'|'urn:ietf:params:oauth:grant-type:jwt-bearer'|'urn:ietf:params:oauth:grant-type:token-exchange',
                  'Grant': {
                      'AuthorizationCode': {
                          'RedirectUris': [
                              'string',
                          ]
                      },
                      'JwtBearer': {
                          'AuthorizedTokenIssuers': [
                              {
                                  'TrustedTokenIssuerArn': 'string',
                                  'AuthorizedAudiences': [
                                      'string',
                                  ]
                              },
                          ]
                      },
                      'RefreshToken': {},
                      'TokenExchange': {}
                  }
              },
          ],
          'NextToken': 'string'
      }
      
    **Response Structure**

    

    - *(dict) --* 
      

      - **Grants** *(list) --* 

        An array list of structures that describe the requested grants.

        
        

        - *(dict) --* 

          A structure that defines a single grant and its configuration.

          
          

          - **GrantType** *(string) --* 

            The type of the selected grant.

            
          

          - **Grant** *(dict) --* 

            The configuration structure for the selected grant.

            .. note::    This is a Tagged Union structure. Only one of the     following top level keys will be set: ``AuthorizationCode``, ``JwtBearer``, ``RefreshToken``, ``TokenExchange``.     If a client receives an unknown member it will     set ``SDK_UNKNOWN_MEMBER`` as the top level key,     which maps to the name or tag of the unknown     member. The structure of ``SDK_UNKNOWN_MEMBER`` is     as follows::

                        'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}


          
            

            - **AuthorizationCode** *(dict) --* 

              Configuration options for the ``authorization_code`` grant type.

              
              

              - **RedirectUris** *(list) --* 

                A list of URIs that are valid locations to redirect a user's browser after the user is authorized.

                 

                .. note::

                  

                  RedirectUris is required when the grant type is ``authorization_code``.

                  

                
                

                - *(string) --* 
            
          
            

            - **JwtBearer** *(dict) --* 

              Configuration options for the ``urn:ietf:params:oauth:grant-type:jwt-bearer`` grant type.

              
              

              - **AuthorizedTokenIssuers** *(list) --* 

                A list of allowed token issuers trusted by the Identity Center instances for this application.

                 

                .. note::

                  

                  ``AuthorizedTokenIssuers`` is required when the grant type is ``JwtBearerGrant``.

                  

                
                

                - *(dict) --* 

                  A structure that describes a trusted token issuer and associates it with a set of authorized audiences.

                  
                  

                  - **TrustedTokenIssuerArn** *(string) --* 

                    The ARN of the trusted token issuer.

                    
                  

                  - **AuthorizedAudiences** *(list) --* 

                    An array list of authorized audiences, or applications, that can consume the tokens generated by the associated trusted token issuer.

                    
                    

                    - *(string) --* 
                
              
            
          
            

            - **RefreshToken** *(dict) --* 

              Configuration options for the ``refresh_token`` grant type.

              
          
            

            - **TokenExchange** *(dict) --* 

              Configuration options for the ``urn:ietf:params:oauth:grant-type:token-exchange`` grant type.

              
          
        
      
    
      

      - **NextToken** *(string) --* 

        If present, this value indicates that more output is available than is included in the current response. Use this value in the ``NextToken`` request parameter in a subsequent call to the operation to get the next part of the output. You should repeat this until the ``NextToken`` response element comes back as ``null``. This indicates that this is the last page of results.

        
  
  **Exceptions**
  
  *   :py:class:`SSOAdmin.Client.exceptions.ThrottlingException`

  
  *   :py:class:`SSOAdmin.Client.exceptions.ResourceNotFoundException`

  
  *   :py:class:`SSOAdmin.Client.exceptions.InternalServerException`

  
  *   :py:class:`SSOAdmin.Client.exceptions.AccessDeniedException`

  
  *   :py:class:`SSOAdmin.Client.exceptions.ValidationException`

  