This site contains the documentation that is relevant to older WSO2 product versions and offerings.
For the latest WSO2 documentation, visit https://wso2.com/documentation/.


This page is under construction

The refresh token grant can be used when the current access token has expired and a new access token is needed. Here the refresh token acts as a credential and is issued to the client by the authorization server. Issuing a refresh token is optional; if the authorization server issues one, it is included when issuing an access token. WSO2 Identity Server issues refresh tokens for grant types other than the implicit grant.

Flow:

 

Recommended Use:

 

Configurations:

        <!-- Validity period for refresh token -->
        <RefreshTokenValidityPeriod>84600</RefreshTokenValidityPeriod>
        ...
        <!-- Enable renewal of refresh token for refresh_token grant -->
        <RenewRefreshTokenForRefreshGrant>true</RenewRefreshTokenForRefreshGrant>
  • RefreshTokenValidityPeriod is specified in seconds. By default the refresh token is valid for one day.
  • By default, RenewRefreshTokenForRefreshGrant is set to true:
      • the refresh token is renewed when the refresh grant is used to get an access token, that is, a new refresh token is issued with a new expiry time
      • the previous refresh token is then expired and can no longer be used

 

Try Out Scenario with cURL:

curl -k -d "grant_type=refresh_token&refresh_token=<refresh_token>" -H "Authorization: Basic <Base64Encoded(Client_Id:Client_Secret)>" -H "Content-Type: application/x-www-form-urlencoded" https://localhost:9443/oauth2/token
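
Added example (not part of the original page and not WSO2 code): Python client code that builds the same request as the cURL command above and processes the reply when refresh token renewal is enabled. The token store dict, the sample replies and the invalid_grant handling (which follows RFC 6749 section 5.2, not this page) are assumptions.

```python
import base64
import json
import urllib.parse

TOKEN_URL = "https://localhost:9443/oauth2/token"  # endpoint from the cURL example

# Constructed sample replies (not captured from a real server)
SAMPLE_OK = '{"access_token": "at-2", "refresh_token": "rt-2", "expires_in": 3600}'
SAMPLE_EXPIRED = '{"error": "invalid_grant", "error_description": "constructed"}'


class ReauthorizationRequired(Exception):
    """The refresh token is expired or already used; the user must log in again."""


def build_refresh_request(client_id, client_secret, refresh_token):
    """Return (url, headers, body) equivalent to the cURL command on this page."""
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    headers = {
        "Authorization": f"Basic {basic}",
        "Content-Type": "application/x-www-form-urlencoded",
    }
    # urlencode escapes characters in the token that would corrupt the form body
    body = urllib.parse.urlencode(
        {"grant_type": "refresh_token", "refresh_token": refresh_token}
    )
    return TOKEN_URL, headers, body


def apply_token_response(store, status, raw_body):
    """Update the client's token store (a plain dict, hypothetical) from the reply."""
    data = json.loads(raw_body)
    if status != 200:
        # Assumed RFC 6749 behaviour: invalid_grant covers expired/used refresh tokens
        if data.get("error") == "invalid_grant":
            store.pop("refresh_token", None)
            raise ReauthorizationRequired(data.get("error_description", ""))
        raise RuntimeError(f"token endpoint error: {data.get('error')}")
    store["access_token"] = data["access_token"]
    # With RenewRefreshTokenForRefreshGrant=true the reply carries a new refresh
    # token and the previous one no longer works, so overwrite it immediately.
    if "refresh_token" in data:
        store["refresh_token"] = data["refresh_token"]
    return store
```

If the new refresh token is not persisted before the next refresh, the client is left holding only the expired one and has to send the user through authorization again.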

 

 

 

 

 
