Refreshing an Access Token

This guide will walk you through the refreshing of an Access Token after its validity period.

Setting up

Before starting, you will need the client_id, the client_secret and scope from your Provider for your Connect Application.

Overview

The process is similar to exchanging an Authorization Code where you get an Access Token and a Refresh Token. You will exchange a Refresh Token for a new Access and Refresh Token.

Requesting a new Access Token

To do that, you just need to do a POST HTTP request to the token URL of your Provider (e.g. https://[providerFQDN]/oauth/token) with the following parameters:

client_id
required
string

Your client ID

client_secret
required
string

Your client_secret key

refresh_token
required
string

The Refresh Token you got with the previous Access Token.

grant_type
required
string

Should be refresh_token

scope
optional
string

A space separated list of Scopes

Note
The scope field must be a subset of the Scopes accepted when the Refresh Token was given to you. If empty the value will be treated as if every Scopes from the Refresh Token were provided. If you need to request extra Scopes a new Authorization Code Flow must be started. The return will be the same as when exchanging an Authorization Code for an Access Token: an access_token and a new refresh_token.
Table of Content