> ## Documentation Index > Fetch the complete documentation index at: https://www.c1.ai/docs/llms.txt > Use this file to discover all available pages before exploring further. # Search Grants > Search grants (user-to-entitlement bindings) across apps, with filters for app, user, resource type, and entitlement. ## OpenAPI ````yaml https://spec.speakeasy.com/conductor-one/conductorone/my-source-with-code-samples post /api/v1/search/grants openapi: 3.1.0 info: description: The C1 API is a HTTP API for managing C1 resources. title: C1 API version: 0.1.0-alpha servers: - description: The C1 API server for the current tenant. url: https://{tenantDomain}.conductor.one variables: tenantDomain: default: example description: The domain of the tenant to use for this request. security: - bearerAuth: [] oauth: [] paths: /api/v1/search/grants: post: tags: - App Entitlement summary: Search Grants description: >- Search grants (user-to-entitlement bindings) across apps, with filters for app, user, resource type, and entitlement. operationId: c1.api.app.v1.AppEntitlementSearchService.SearchGrants requestBody: content: application/json: schema: $ref: >- #/components/schemas/c1.api.app.v1.AppEntitlementSearchServiceSearchGrantsRequest responses: '200': content: application/json: schema: $ref: >- #/components/schemas/c1.api.app.v1.AppEntitlementSearchServiceSearchGrantsResponse description: Successful response x-codeSamples: - lang: go label: SearchGrants source: "package main\n\nimport(\n\t\"context\"\n\t\"github.com/conductorone/conductorone-sdk-go/pkg/models/shared\"\n\tconductoronesdkgo \"github.com/conductorone/conductorone-sdk-go\"\n\t\"log\"\n)\n\nfunc main() {\n ctx := context.Background()\n\n s := conductoronesdkgo.New(\n conductoronesdkgo.WithSecurity(shared.Security{\n BearerAuth: \"\",\n Oauth: \"\",\n }),\n )\n\n res, err := s.AppEntitlementSearch.SearchGrants(ctx, nil)\n if err != nil {\n log.Fatal(err)\n }\n if res.AppEntitlementSearchServiceSearchGrantsResponse != nil {\n // handle response\n }\n}" - lang: typescript label: Typescript (SDK) source: >- import { ConductoroneSDKTypescript } from "conductorone-sdk-typescript"; const conductoroneSDKTypescript = new ConductoroneSDKTypescript({ security: { bearerAuth: "", oauth: "", }, }); async function run() { const result = await conductoroneSDKTypescript.appEntitlementSearch.searchGrants(); console.log(result); } run(); components: schemas: c1.api.app.v1.AppEntitlementSearchServiceSearchGrantsRequest: description: The AppEntitlementSearchServiceSearchGrantsRequest message. properties: appIds: description: Search for grants contained in any of these apps. items: type: string nullable: true readOnly: false type: array appUserIds: description: Search for grants that are granted to any of these app user ids. items: type: string nullable: true readOnly: false type: array entitlementRefs: description: Search for grants of an entitlement items: $ref: '#/components/schemas/c1.api.app.v1.AppEntitlementRef' nullable: true readOnly: false type: array entitlementSlugs: description: >- Filter for entitlements whose slug is in this list (e.g. "enrollment" for access profiles) items: type: string nullable: true readOnly: false type: array expandMask: $ref: '#/components/schemas/c1.api.app.v1.AppEntitlementExpandMask' pageSize: description: >- The pageSize where 0 <= pageSize <= 100. Values < 10 will be set to 10. A value of 0 returns the default page size (currently 25) format: int32 readOnly: false type: integer pageToken: description: The pageToken field. readOnly: false type: string purpose: description: >- Filter for entitlements with these purposes (e.g., ASSIGNMENT for membership entitlements) items: enum: - APP_ENTITLEMENT_PURPOSE_VALUE_UNSPECIFIED - APP_ENTITLEMENT_PURPOSE_VALUE_ASSIGNMENT - APP_ENTITLEMENT_PURPOSE_VALUE_PERMISSION - APP_ENTITLEMENT_PURPOSE_VALUE_OWNERSHIP type: string x-speakeasy-unknown-values: allow nullable: true readOnly: false type: array resourceIds: description: Search for grants within a resource. items: type: string nullable: true readOnly: false type: array resourceTypeIds: description: Search grants for given resource types. items: type: string nullable: true readOnly: false type: array userId: description: Search for grants of a user readOnly: false type: string title: App Entitlement Search Service Search Grants Request type: object x-speakeasy-name-override: AppEntitlementSearchServiceSearchGrantsRequest c1.api.app.v1.AppEntitlementSearchServiceSearchGrantsResponse: description: The AppEntitlementSearchServiceSearchGrantsResponse message. properties: expanded: description: The expanded field. items: additionalProperties: true description: >- Contains an arbitrary serialized message along with a @type that describes the type of the serialized message. properties: '@type': description: The type of the serialized message. type: string readOnly: false type: object nullable: true readOnly: false type: array list: description: The list field. items: $ref: '#/components/schemas/c1.api.app.v1.AppEntitlementWithUserBinding' nullable: true readOnly: false type: array nextPageToken: description: The nextPageToken field. readOnly: false type: string title: App Entitlement Search Service Search Grants Response type: object x-speakeasy-name-override: AppEntitlementSearchServiceSearchGrantsResponse c1.api.app.v1.AppEntitlementRef: description: The AppEntitlementRef message. properties: appId: description: The appId field. readOnly: false type: string id: description: The id field. readOnly: false type: string title: App Entitlement Ref type: object x-speakeasy-name-override: AppEntitlementRef c1.api.app.v1.AppEntitlementExpandMask: description: >- The app entitlement expand mask allows the user to get additional information when getting responses containing app entitlement views. properties: paths: description: >- Array of strings to describe which items to expand on the return value. Can be any combination of "*", "app_id", "app_resource_type_id", or "app_resource_id". items: type: string nullable: true readOnly: false type: array title: App Entitlement Expand Mask type: object x-speakeasy-name-override: AppEntitlementExpandMask c1.api.app.v1.AppEntitlementWithUserBinding: description: The AppEntitlementWithUserBinding message. properties: appEntitlementUserBinding: $ref: '#/components/schemas/c1.api.app.v1.AppEntitlementUserView' entitlement: $ref: '#/components/schemas/c1.api.app.v1.AppEntitlementView' title: App Entitlement With User Binding type: object x-speakeasy-name-override: AppEntitlementWithUserBinding c1.api.app.v1.AppEntitlementUserView: description: >- The AppEntitlementUserView (aka grant view) describes the relationship between an app user and an entitlement. They have more recently been referred to as grants. properties: appEntitlementUserBindingCreatedAt: format: date-time readOnly: true type: string appEntitlementUserBindingDeprovisionAt: format: date-time readOnly: true type: string appUser: $ref: '#/components/schemas/c1.api.app.v1.AppUserView' grantSources: description: List of sources for the grant, ie. groups, roles, etc. items: $ref: '#/components/schemas/c1.api.app.v1.AppEntitlementRef' nullable: true readOnly: false type: array originatingTicketId: description: >- The originating ticket ID for the grant (e.g. from a request ticket). readOnly: false type: string title: App Entitlement User View type: object x-speakeasy-name-override: AppEntitlementUserView c1.api.app.v1.AppEntitlementView: description: >- The app entitlement view contains the serialized app entitlement and paths to objects referenced by the app entitlement. properties: appEntitlement: $ref: '#/components/schemas/c1.api.app.v1.AppEntitlement' appPath: description: >- JSONPATH expression indicating the location of the App object in the array. readOnly: false type: string appResourcePath: description: >- JSONPATH expression indicating the location of the App Resource Type object in the expanded array. readOnly: false type: string appResourceTypePath: description: >- JSONPATH expression indicating the location of the App Resource object in the array. readOnly: false type: string objectPermissions: $ref: '#/components/schemas/c1.api.iam.v1.ActorObjectPermissions' title: App Entitlement View type: object x-speakeasy-name-override: AppEntitlementView c1.api.app.v1.AppUserView: description: >- The AppUserView contains an app user as well as paths for apps, identity users, and last usage in expanded arrays. properties: appPath: description: >- JSONPATH expression indicating where the app is expanded in expanded arrays indicated in the request. readOnly: false type: string appUser: $ref: '#/components/schemas/c1.api.app.v1.AppUser' identityUserPath: description: >- JSONPATH expression indicating where the identity user is expanded in expanded arrays indicated in the request. readOnly: false type: string lastUsagePath: description: >- JSONPATH expression indicating where the last usage information is expanded in expanded arrays indicated in the request. readOnly: false type: string title: App User View type: object x-speakeasy-name-override: AppUserView c1.api.app.v1.AppEntitlement: description: > The app entitlement represents one permission in a downstream App (SAAS) that can be granted. For example, GitHub Read vs GitHub Write. This message contains a oneof named max_grant_duration. Only a single field of the following list may be set at a time: - durationUnset - durationGrant properties: alias: description: >- The alias of the app entitlement used by Cone. Also exact-match queryable. readOnly: false type: string appId: description: The ID of the app that is associated with the app entitlement. readOnly: false type: string appResourceId: description: >- The ID of the app resource that is associated with the app entitlement readOnly: false type: string appResourceTypeId: description: >- The ID of the app resource type that is associated with the app entitlement readOnly: false type: string certifyPolicyId: description: >- The ID of the policy that will be used for certify tickets related to the app entitlement. readOnly: false type: string complianceFrameworkValueIds: description: >- The IDs of different compliance frameworks associated with this app entitlement ex (SOX, HIPAA, PCI, etc.) items: type: string nullable: true readOnly: false type: array createdAt: format: date-time readOnly: true type: string defaultValuesApplied: description: >- Flag to indicate if app-level access request defaults have been applied to the entitlement readOnly: false type: boolean deletedAt: format: date-time readOnly: true type: string deprovisionerPolicy: $ref: '#/components/schemas/c1.api.policy.v1.ProvisionPolicy' description: description: The description of the app entitlement. readOnly: false type: string displayName: description: The display name of the app entitlement. readOnly: false type: string durationGrant: format: duration readOnly: false type: string durationUnset: nullable: true readOnly: false type: object emergencyGrantEnabled: description: >- This enables tasks to be created in an emergency and use a selected emergency access policy. readOnly: false type: boolean emergencyGrantPolicyId: description: >- The ID of the policy that will be used for emergency access grant tasks. readOnly: false type: string externalId: description: >- The upstream product's native external ID for this entitlement (e.g. an Okta group ID). Populated from the connector's external ID during sync. readOnly: true type: string grantCount: description: The amount of grants open for this entitlement format: int64 readOnly: true type: string grantPolicyId: description: >- The ID of the policy that will be used for grant tickets related to the app entitlement. readOnly: false type: string id: description: The unique ID for the App Entitlement. readOnly: true type: string isAutomationEnabled: description: >- Flag to indicate whether automation (for adding users to entitlement based on rules) has been enabled. readOnly: true type: boolean isManuallyManaged: description: Flag to indicate if the app entitlement is manually managed. readOnly: false type: boolean matchBatonId: description: >- An identifier used to match this entitlement to a connector-synced entitlement during sync. readOnly: false type: string overrideAccessRequestsDefaults: description: >- Flag to indicate if the app-level access request settings have been overridden for the entitlement readOnly: false type: boolean provisionerPolicy: $ref: '#/components/schemas/c1.api.policy.v1.ProvisionPolicy' purpose: description: >- The purpose of this entitlement (e.g., assignment, permission, ownership). enum: - APP_ENTITLEMENT_PURPOSE_VALUE_UNSPECIFIED - APP_ENTITLEMENT_PURPOSE_VALUE_ASSIGNMENT - APP_ENTITLEMENT_PURPOSE_VALUE_PERMISSION - APP_ENTITLEMENT_PURPOSE_VALUE_OWNERSHIP readOnly: false type: string x-speakeasy-unknown-values: allow requestSchemaId: description: The ID of the request schema associated with this app entitlement. readOnly: false type: string revokePolicyId: description: >- The ID of the policy that will be used for revoke tickets related to the app entitlement readOnly: false type: string riskLevelValueId: description: The ID of the risk level assigned to this entitlement. readOnly: false type: string slug: description: >- The slug is displayed as an oval next to the name in the frontend of C1, it tells you what permission the entitlement grants. See https://www.conductorone.com/docs/product/admin/entitlements/ readOnly: false type: string sourceConnectorIds: additionalProperties: type: string description: Map to tell us which connector the entitlement came from. readOnly: false type: object systemBuiltin: description: This field indicates if this is a system builtin entitlement. readOnly: true type: boolean updatedAt: format: date-time readOnly: true type: string userEditedMask: nullable: true readOnly: false type: string title: App Entitlement type: object x-speakeasy-entity: Custom App Entitlement x-speakeasy-name-override: AppEntitlement c1.api.iam.v1.ActorObjectPermissions: description: The ActorObjectPermissions message. properties: delete: description: The delete field. readOnly: false type: boolean edit: description: The edit field. readOnly: false type: boolean extra: additionalProperties: type: boolean description: The extra field. readOnly: false type: object read: description: The read field. readOnly: false type: boolean title: Actor Object Permissions type: object x-speakeasy-name-override: ActorObjectPermissions c1.api.app.v1.AppUser: description: Application User that represents an account in the application. properties: appId: description: The ID of the application. readOnly: true type: string appUserType: description: The appplication user type. Type can be user, system or service. enum: - APP_USER_TYPE_UNSPECIFIED - APP_USER_TYPE_USER - APP_USER_TYPE_SERVICE_ACCOUNT - APP_USER_TYPE_SYSTEM_ACCOUNT readOnly: false type: string x-speakeasy-unknown-values: allow createdAt: format: date-time readOnly: true type: string deletedAt: format: date-time readOnly: true type: string displayName: description: The display name of the application user. readOnly: true type: string email: description: The email field of the application user. readOnly: true type: string emails: description: The emails field of the application user. items: type: string nullable: true readOnly: true type: array employeeIds: description: The employee IDs field of the application user. items: type: string nullable: true readOnly: true type: array id: description: A unique idenditfier of the application user. readOnly: true type: string identityUserId: description: The conductor one user ID of the account owner. readOnly: true type: string isExternal: description: The isExternal field. readOnly: true type: boolean profile: additionalProperties: true readOnly: true type: object status: $ref: '#/components/schemas/c1.api.app.v1.AppUserStatus' updatedAt: format: date-time readOnly: true type: string username: description: The username field of the application user. readOnly: true type: string usernames: description: The usernames field of the application user. items: type: string nullable: true readOnly: true type: array title: App User type: object x-speakeasy-name-override: AppUser c1.api.policy.v1.ProvisionPolicy: description: > ProvisionPolicy is a oneOf that indicates how a provision step should be processed. This message contains a oneof named typ. Only a single field of the following list may be set at a time: - connector - manual - delegated - webhook - multiStep - externalTicket - unconfigured - action properties: action: $ref: '#/components/schemas/c1.api.policy.v1.ActionProvision' connector: $ref: '#/components/schemas/c1.api.policy.v1.ConnectorProvision' delegated: $ref: '#/components/schemas/c1.api.policy.v1.DelegatedProvision' externalTicket: $ref: '#/components/schemas/c1.api.policy.v1.ExternalTicketProvision' manual: $ref: '#/components/schemas/c1.api.policy.v1.ManualProvision' multiStep: $ref: '#/components/schemas/c1.api.policy.v1.MultiStep' unconfigured: $ref: '#/components/schemas/c1.api.policy.v1.UnconfiguredProvision' webhook: $ref: '#/components/schemas/c1.api.policy.v1.WebhookProvision' title: Provision Policy type: object x-speakeasy-name-override: ProvisionPolicy c1.api.app.v1.AppUserStatus: description: The satus of the applicaiton user. properties: details: description: The details of applicaiton user status. readOnly: true type: string status: description: The application user status field. enum: - STATUS_UNSPECIFIED - STATUS_ENABLED - STATUS_DISABLED - STATUS_DELETED readOnly: true type: string x-speakeasy-unknown-values: allow title: App User Status type: object x-speakeasy-name-override: AppUserStatus c1.api.policy.v1.ActionProvision: description: >- This provision step indicates that account lifecycle action should be called to provision this entitlement. nullable: true properties: actionName: description: The actionName field. readOnly: false type: string appId: description: The appId field. readOnly: false type: string connectorId: description: The connectorId field. readOnly: false type: string displayName: description: The displayName field. readOnly: false type: string title: Action Provision type: object x-speakeasy-name-override: ActionProvision c1.api.policy.v1.ConnectorProvision: description: > Indicates that a connector should perform the provisioning. This object has no fields. This message contains a oneof named provision_type. Only a single field of the following list may be set at a time: - defaultBehavior - account - deleteAccount nullable: true properties: account: $ref: >- #/components/schemas/c1.api.policy.v1.ConnectorProvision.AccountProvision defaultBehavior: $ref: >- #/components/schemas/c1.api.policy.v1.ConnectorProvision.DefaultBehavior deleteAccount: $ref: >- #/components/schemas/c1.api.policy.v1.ConnectorProvision.DeleteAccount title: Connector Provision type: object x-speakeasy-name-override: ConnectorProvision c1.api.policy.v1.DelegatedProvision: description: >- This provision step indicates that we should delegate provisioning to the configuration of another app entitlement. This app entitlement does not have to be one from the same app, but MUST be configured as a proxy binding leading into this entitlement. nullable: true properties: appId: description: The AppID of the entitlement to delegate provisioning to. readOnly: false type: string entitlementId: description: The ID of the entitlement we are delegating provisioning to. readOnly: false type: string implicit: description: >- If true, a binding will be automatically created from the entitlement of the parent app. readOnly: false type: boolean title: Delegated Provision type: object x-speakeasy-name-override: DelegatedProvision c1.api.policy.v1.ExternalTicketProvision: description: >- This provision step indicates that we should check an external ticket to provision this entitlement nullable: true properties: appId: description: The appId field. readOnly: false type: string connectorId: description: The connectorId field. readOnly: false type: string externalTicketProvisionerConfigId: description: The externalTicketProvisionerConfigId field. readOnly: false type: string instructions: description: >- This field indicates a text body of instructions for the provisioner to indicate. readOnly: false type: string title: External Ticket Provision type: object x-speakeasy-name-override: ExternalTicketProvision c1.api.policy.v1.ManualProvision: description: >- Manual provisioning indicates that a human must intervene for the provisioning of this step. nullable: true properties: assignee: $ref: '#/components/schemas/c1.api.policy.v1.ProvisionerAssignment' instructions: description: >- This field indicates a text body of instructions for the provisioner to indicate. readOnly: false type: string userIds: description: |- An array of users that are required to provision during this step. Deprecated: Use assignee field instead for dynamic provisioner assignment. items: type: string nullable: true readOnly: false type: array title: Manual Provision type: object x-speakeasy-name-override: ManualProvision c1.api.policy.v1.MultiStep: description: >- MultiStep indicates that this provision step has multiple steps to process. nullable: true properties: provisionSteps: description: The array of provision steps to process. items: $ref: '#/components/schemas/c1.api.policy.v1.ProvisionPolicy' nullable: true readOnly: false type: array title: Multi Step type: object x-speakeasy-name-override: MultiStep c1.api.policy.v1.UnconfiguredProvision: description: The UnconfiguredProvision message. nullable: true title: Unconfigured Provision type: object x-speakeasy-name-override: UnconfiguredProvision c1.api.policy.v1.WebhookProvision: description: >- This provision step indicates that a webhook should be called to provision this entitlement. nullable: true properties: webhookId: description: The ID of the webhook to call for provisioning. readOnly: false type: string title: Webhook Provision type: object x-speakeasy-name-override: WebhookProvision c1.api.policy.v1.ConnectorProvision.AccountProvision: description: > The AccountProvision message. This message contains a oneof named storage_type. Only a single field of the following list may be set at a time: - saveToVault - doNotSave nullable: true properties: config: additionalProperties: true readOnly: false type: object connectorId: description: The connectorId field. readOnly: false type: string doNotSave: $ref: '#/components/schemas/c1.api.policy.v1.ConnectorProvision.DoNotSave' saveToVault: $ref: '#/components/schemas/c1.api.policy.v1.ConnectorProvision.SaveToVault' schemaId: description: The schemaId field. readOnly: false type: string title: Account Provision type: object x-speakeasy-name-override: AccountProvision c1.api.policy.v1.ConnectorProvision.DefaultBehavior: description: The DefaultBehavior message. nullable: true properties: connectorId: description: >- this checks if the entitlement is enabled by provisioning in a specific connector this can happen automatically and doesn't need any extra info readOnly: false type: string title: Default Behavior type: object x-speakeasy-name-override: DefaultBehavior c1.api.policy.v1.ConnectorProvision.DeleteAccount: description: The DeleteAccount message. nullable: true properties: connectorId: description: The connectorId field. readOnly: false type: string title: Delete Account type: object x-speakeasy-name-override: DeleteAccount c1.api.policy.v1.ProvisionerAssignment: description: > ProvisionerAssignment defines how a provisioner is dynamically assigned. This message contains a oneof named typ. Only a single field of the following list may be set at a time: - users - appOwners - group - manager - expression - entitlementOwners properties: appOwners: $ref: '#/components/schemas/c1.api.policy.v1.AppOwnerProvisioner' entitlementOwners: $ref: '#/components/schemas/c1.api.policy.v1.EntitlementOwnerProvisioner' expression: $ref: '#/components/schemas/c1.api.policy.v1.ExpressionProvisioner' group: $ref: '#/components/schemas/c1.api.policy.v1.GroupProvisioner' manager: $ref: '#/components/schemas/c1.api.policy.v1.ManagerProvisioner' users: $ref: '#/components/schemas/c1.api.policy.v1.UserProvisioner' title: Provisioner Assignment type: object x-speakeasy-name-override: ProvisionerAssignment c1.api.policy.v1.ConnectorProvision.DoNotSave: description: The DoNotSave message. nullable: true title: Do Not Save type: object x-speakeasy-name-override: DoNotSave c1.api.policy.v1.ConnectorProvision.SaveToVault: description: The SaveToVault message. nullable: true properties: vaultIds: description: The vaultIds field. items: type: string nullable: true readOnly: false type: array title: Save To Vault type: object x-speakeasy-name-override: SaveToVault c1.api.policy.v1.AppOwnerProvisioner: description: AppOwnerProvisioner resolves to app owners. nullable: true properties: allowReassignment: description: Whether the provisioner can reassign the task. readOnly: false type: boolean fallbackUserIds: description: Fallback user IDs if no app owners are found. items: type: string nullable: true readOnly: false type: array title: App Owner Provisioner type: object x-speakeasy-name-override: AppOwnerProvisioner c1.api.policy.v1.EntitlementOwnerProvisioner: description: EntitlementOwnerProvisioner resolves to entitlement owners. nullable: true properties: allowReassignment: description: Whether the provisioner can reassign the task. readOnly: false type: boolean fallbackUserIds: description: Fallback user IDs if no entitlement owners are found. items: type: string nullable: true readOnly: false type: array title: Entitlement Owner Provisioner type: object x-speakeasy-name-override: EntitlementOwnerProvisioner c1.api.policy.v1.ExpressionProvisioner: description: >- ExpressionProvisioner evaluates CEL expressions to determine provisioners. nullable: true properties: allowReassignment: description: Whether the provisioner can reassign the task. readOnly: false type: boolean expressions: description: The CEL expressions to evaluate. items: type: string nullable: true readOnly: false type: array fallbackUserIds: description: Fallback user IDs if expression evaluation yields no users. items: type: string nullable: true readOnly: false type: array title: Expression Provisioner type: object x-speakeasy-name-override: ExpressionProvisioner c1.api.policy.v1.GroupProvisioner: description: GroupProvisioner resolves to members of a specific group. nullable: true properties: allowReassignment: description: Whether the provisioner can reassign the task. readOnly: false type: boolean appGroupId: description: The app group ID (entitlement ID). readOnly: false type: string appId: description: The app ID containing the group. readOnly: false type: string fallbackUserIds: description: Fallback user IDs if no group members are found. items: type: string nullable: true readOnly: false type: array title: Group Provisioner type: object x-speakeasy-name-override: GroupProvisioner c1.api.policy.v1.ManagerProvisioner: description: ManagerProvisioner resolves to the user's manager. nullable: true properties: allowReassignment: description: Whether the provisioner can reassign the task. readOnly: false type: boolean fallbackUserIds: description: Fallback user IDs if no manager is found. items: type: string nullable: true readOnly: false type: array title: Manager Provisioner type: object x-speakeasy-name-override: ManagerProvisioner c1.api.policy.v1.UserProvisioner: description: UserProvisioner assigns specific users as provisioners. nullable: true properties: allowReassignment: description: Whether the provisioner can reassign the task. readOnly: false type: boolean userIds: description: The user IDs to assign as provisioners. items: type: string nullable: true readOnly: false type: array title: User Provisioner type: object x-speakeasy-name-override: UserProvisioner securitySchemes: bearerAuth: scheme: bearer type: http oauth: description: >- This API uses OAuth2 with the Client Credential flow. Client Credentials must be sent in the BODY, not the headers. For an example of how to implement this, refer to the [c1TokenSource.Token()](https://github.com/ConductorOne/conductorone-sdk-go/blob/3375fe7c0126d17e7ec4e711693dee7b791023aa/token_source.go#L101-L187) function. flows: clientCredentials: scopes: {} tokenUrl: /auth/v1/token type: oauth2 ````