Caution
The documentation you are viewing is for an older version of this component.
Switch to the latest (v3) version.
Grant
Refresh Token
The OAuth2 framework provides the ability to refresh the access token,
generating a new one with a new lifetime. This action can be performed using
the refresh_token value, if present in the access token response.
To request a token refresh, the client needs to send a POST request with
the following parameters:
- grant_type = refresh_token.
- refresh_token with the refresh token.
- client_id with the client’s ID.
- client_secret with the client’s secret.
- scope with a space-delimited list of requested scope permissions. This is optional; if not sent, the original scopes will be used. Otherwise you can request a reduced scope; you may never expand scope during a refresh operation.
The authorization server responds with a JSON payload as follows:
{
    "token_type" : "Bearer",
    "expires_in" : "3600",
    "refresh_token" : "YWYwNjhmNmZmMDhmZjkyOGJj...",
    "access_token" : "eyJ0eXAiOiJKV1Q..."
}
The values are as follows:
- The token_type is the type of generated token (here, and generally, Bearer).
- expires_in is an integer representing the time-to-live (in seconds) of the access token.
- The refresh_token is a token that can be used to refresh the access_token when expired.
- The access_token contains a JSON Web Token (JWT) signed with the authorization server’s private key. This token must be used in the Authorization request HTTP header on all subsequent requests.
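The client side of this exchange, as an added example that is not part of the component's own documentation: it builds the form body of the refresh POST, refuses a scope that was not in the original grant, and turns the JSON payload into the values a client keeps. The function names, the client credentials and the token strings are constructed for illustration.

```python
import json
from urllib.parse import urlencode


def build_refresh_body(refresh_token, client_id, client_secret,
                       granted_scopes, requested_scopes=None):
    """Form-encode the parameters of the refresh POST request."""
    params = {
        "grant_type": "refresh_token",
        "refresh_token": refresh_token,
        "client_id": client_id,
        "client_secret": client_secret,
    }
    if requested_scopes is not None:
        # Scope may be reduced on refresh but never expanded, so an
        # over-broad request is refused locally before it is sent.
        extra = set(requested_scopes) - set(granted_scopes)
        if extra:
            raise ValueError(f"scope expansion not allowed: {sorted(extra)}")
        params["scope"] = " ".join(requested_scopes)
    return urlencode(params)


def apply_refresh_response(body, now):
    """Validate the JSON payload and return the state the client stores."""
    data = json.loads(body)
    missing = {"token_type", "expires_in", "access_token"} - data.keys()
    if missing:
        raise ValueError(f"incomplete token response: {sorted(missing)}")
    if data["token_type"].lower() != "bearer":
        raise ValueError(f"unsupported token_type: {data['token_type']}")
    ttl = int(data["expires_in"])  # accepts 3600 and the quoted "3600"
    if ttl <= 0:
        raise ValueError("expires_in must be positive")
    return {
        "authorization": "Bearer " + data["access_token"],
        "expires_at": now + ttl,
        # Keep the refresh token from this response for the next refresh.
        "refresh_token": data.get("refresh_token"),
    }


# Constructed sample payload with the same fields as the response above.
SAMPLE_RESPONSE = json.dumps({
    "token_type": "Bearer", "expires_in": "3600",
    "refresh_token": "constructed-refresh-2",
    "access_token": "constructed.jwt.value",
})
```

The value under "authorization" is what goes in the Authorization request header; the body string is sent as application/x-www-form-urlencoded.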