OAuth 2.0 Access Token Refresh
- 08 Jul 2024
- 1 Minute to read
- Print
- DarkLight
OAuth 2.0 Access Token Refresh
- Updated on 08 Jul 2024
- 1 Minute to read
- Print
- DarkLight
Article summary
Did you find this summary helpful?
Thank you for your feedback
Issue a POST to /idp/profile/oauth2/token with the following parameters.
Parameter | Type | Description |
|---|---|---|
grant_type | String required | “refresh_token” |
refresh_token | String required | The refresh token value received in the Token Response |
scope | String optional | Space-delimited API scopes, defaults to whatever scope was originally granted. |
client_id | String optional | Your Client ID. This is required if HTTP Basic Authentication is not used |
client_secret | String optional | Your Client Secret. This is required if HTTP Basic Authentication is not used |
As shown in the above table, HTTP Basic Authentication may be used instead of providing client_id and client_secret as request parameters. In that case the Client ID should be used as the username and the Client Secret should be used as the password.
Assuming the request is valid the Authorization Server will generate new Access token and Refresh tokens and returns a response in the same format as the Access Token Response.
Was this article helpful?