This is page is under construction
Refresh token grant can be used when the current access token is expired and need to get a new access token. Here Refresh token act as a credential and is issued to the client by the authorization server. Issuing a refresh token is optional and if the authorization server issues a refresh token, it is included when issuing an access token. WSO2 Identity Server issues refresh tokens for grant types other than implicit grant.
Flow:
Recommanded Use:
Configurations:
<!-- Validity period for refresh token --> <RefreshTokenValidityPeriod>84600</RefreshTokenValidityPeriod> ... <!-- Enable renewal of refresh token for refresh_token grant --> <RenewRefreshTokenForRefreshGrant>true</RenewRefreshTokenForRefreshGrant>
- RefreshTokenValidityPeriod is mentioned in seconds. By default it is valid for one day.
- By default "RenewRefreshTokenForRefreshGrant" set to true,
- we renew the refresh token when refresh grant is used to get an access token --> a new refresh token is issued with a new expiry time
- previous refresh token is then expired and can no longer be used
Try Out Scenario with cURL:
curl -k -d "grant_type=refresh_token&refresh_token=3db57284086be646ecfacb52b1f6bb92" -H "Authorization: Basic VzJPb1N4UURDVnJCazFsbmZmbzFOR0NLWmJRYTpIaDBnWkFmN2pLeEszVXh2OXpCWTFhdHEwVFVh" -H "Content-Type: application/x-www-form-urlencoded" https://localhost:9443/oauth2/token