Feature:
Add consented_at timestamp to the Management API GET /grants Endpoint
Description:
Currently, the GET /grants endpoint returns information about user consents but does not include the timestamp of when consent was originally given. We propose adding a consented_at field to the response payload. This field should represent the exact time the user clicked Accept on the consent screen, confirming authorisation for the connected application.
Use-case:
Our application integrates with third-party services where members must grant SSO consent. We use the GET /grants endpoint to display which third-party apps a member has authorised. Including the consented_at timestamp would allow us to show when each consent was given, providing:
- Greater transparency for end users
- Improved security and auditability
- Better user experience in account management dashboards
Example Scenario:
A user reviews their connected third-party apps on their profile page. Alongside each integration, we display the date and time they granted consent - helping them easily identify recent consents or revoke older ones if necessary.