This guide will walk you through the refreshing of an Access Token after its validity period.
Setting up
Before starting, you will need the client_id, the client_secret and scope from your Provider for your Connect Application.
Overview
The process is similar to exchanging an Authorization Code where you get an Access Token and a Refresh Token. You will exchange a Refresh Token for a new Access and Refresh Token.
Requesting a new Access Token
To do that, you just need to do a POST HTTP request to the token URL of your Provider (e.g. https://[providerFQDN]/oauth/token) with the following parameters:
|
client_id required |
string | Your client ID |
|
client_secret required |
string | Your |
|
refresh_token required |
string | The Refresh Token you got with the previous Access Token. |
|
grant_type required |
string | Should be |
|
scope optional |
string | A space separated list of Scopes |
|
Note
|
The scope field must be a subset of the Scopes accepted when the Refresh Token was given to you.
If empty the value will be treated as if every Scopes from the Refresh Token were provided.
If you need to request extra Scopes a new Authorization Code Flow must be started.
The return will be the same as when exchanging an Authorization Code for an Access Token: an access_token and a new refresh_token.
|