Refresh Token Flow
Requesting an access_token
using the refresh_token
is similar to other requests made to the /token
endpoint. This time though, the grant_type
is refresh_token
, and the refresh_token
is sent instead of the code
. Here is a breakdown of this flow:
- Send a
POST
request tohttps://gateway.remote.com/auth/oauth2/token
- Include the authorization header with basic authentication encoded with Base64:
- Encode in Base64 both credentials separated by a colon (:) as shown here —
<client_id>:<client_secret>
- Use the header
Authorization: Basic <client_id_and_client_secret_encoded_in_base64>
- Encode in Base64 both credentials separated by a colon (:) as shown here —
- Include the
Content-Type: application/x-www-form-urlencoded
header in the request - In the payload, you need to fill the grant type:
grant_type
filled withrefresh_token
— it's a constant valuerefresh_token
filled with the refresh token previously stored in the client
Assuming your CLIENT_ID=your_client_id
and CLIENT_SECRET=your_client_secret
, an example of what your request should look like is shown below.
$ echo -n "your_client_id:your_client_secret" | base64
eW91cl9jbGllbnRfaWQ6eW91cl9jbGllbnRfc2VjcmV0
$ curl --location \
--request POST 'https://gateway.remote.com/auth/oauth2/token' \
--header 'Authorization: Basic eW91cl9jbGllbnRfaWQ6eW91cl9jbGllbnRfc2VjcmV0' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=refresh_token' \
--data-urlencode 'refresh_token=84224550-dc8f-4153-a7cd-4f38c7ef90da'
{
"access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJo...",
"refresh_token": "84224550-dc8f-4153-a7cd-4f38c7ef90da",
"expires_in": 3600,
"token_type": "Bearer"
}
Updated 15 days ago