Grant type: refresh_token – when access token is expired

Last update: 29.01.2024

Was this article useful?

Grant type: refresh_token - when access token is expired

When access token expires there are two options:

full authentication (with password grant type) use saved refresh token to acquire new access token

Refresh token is special token used to obtain new access token without need to authorization with user credentials again.

Client may authenticate user with for example password grant type, and then can use only refresh token to automatically refresh/create new session without full authentication.

Notice: refresh token is valid only for one month (2592000 seconds).

Request to refresh access token, sent to /api/open/oauth/token endpoint, should have:

		{
   "grant_type" : "refresh_token",
   "client_id" : ""
   "client_secret" : ""
   "refresh_token" : ""
}

Copied to clipboard

Response depends on state of access token:

when access token is expired, in response client will receive new access token.
if token was not expired yet, client will receive same token, with information about remaining time left.

Notice: at this moment refresh token can be changed.

Please store access token and refresh token and keep it in safe place.