> ## Documentation Index
> Fetch the complete documentation index at: https://docs.timbrix.mx/llms.txt
> Use this file to discover all available pages before exploring further.

# List OAuth Tokens

> ⚠️ SECURITY: Lists all active tokens for an OAuth application. Only OWNERS and ADMINS can view tokens. Useful for auditing and token management.

Lists all active tokens for an OAuth application. Only **OWNERS** and **ADMINS** can view tokens.

## Permissions

Only **OWNERS** and **ADMINS** can list tokens for OAuth applications.

## Path Parameters

| Parameter  | Type   | Required | Description                 |
| ---------- | ------ | -------- | --------------------------- |
| `clientId` | string | Yes      | OAuth application client ID |

## Example Request

```bash theme={null}
curl -X GET http://localhost:3001/api/oauth/apps/app_1234567890abcdef/tokens \
  -H "Authorization: Bearer <token>"
```

## Example Response

```json theme={null}
[
  {
    "id": "token_1234567890abcdef",
    "userId": "550e8400-e29b-41d4-a716-446655440000",
    "scopes": ["read:user", "read:organization"],
    "expiresAt": "2025-01-27T10:00:00Z",
    "createdAt": "2025-01-26T10:00:00Z",
    "lastUsedAt": "2025-01-26T15:30:00Z"
  }
]
```

## Use Cases

* Audit active tokens for security
* Monitor token usage
* Identify unused tokens for cleanup
* Track token expiration dates

## Common Errors

### 401 Unauthorized

Authentication required.

### 403 Forbidden

Only owners and admins can view tokens.

### 404 Not Found

OAuth application not found with the provided client ID.


## OpenAPI

````yaml GET /oauth/apps/{clientId}/tokens
openapi: 3.1.0
info:
  title: Timbrix API
  description: >-
    REST API with OAuth2 server for managing organizations, members, and
    webhooks
  version: '1.0'
  contact: {}
servers:
  - url: http://sandbox.mintlify.com
    description: Sandbox environment
  - url: http://localhost:3001/api
    description: Local development
security: []
tags:
  - name: organizations
    description: Organization management endpoints
  - name: oauth
    description: OAuth2 authentication and authorization
  - name: webhooks
    description: Webhook configuration and delivery
  - name: users
    description: User information endpoints
  - name: api-keys
    description: API Keys management and validation
paths:
  /oauth/apps/{clientId}/tokens:
    get:
      tags:
        - oauth
      summary: List tokens for OAuth application
      description: >-
        ⚠️ SECURITY: Lists all active tokens for an OAuth application. Only
        OWNERS and ADMINS can view tokens. Useful for auditing and token
        management.
      operationId: OAuthController_listTokens
      parameters:
        - name: clientId
          required: true
          in: path
          schema:
            type: string
      responses:
        '200':
          description: >-
            Tokens retrieved successfully. Returns array of tokens with scopes,
            expiration, and usage info.
        '401':
          description: Authentication required. Provide a valid bearer token.
        '403':
          description: Access denied. Only owners and admins can view tokens.
        '404':
          description: OAuth application not found with the provided client ID.
      security:
        - bearer: []
components:
  securitySchemes:
    bearer:
      scheme: bearer
      bearerFormat: JWT
      type: http

````