Refresh Token Flow


Requesting an access_token using the refresh_token is similar to other requests to the /token endpoint. This time, though, the grant_type is refresh_token, and the refresh_token is sent instead of the code.

  • Send a POST request to https://gateway.remote.com/auth/oauth2/token
  • Include the authorization header with basic authentication encoded with Base64:
    • Encode in Base64 both credentials separated by a colon (:) as shown here — <client_id>:<client_secret>
    • Use the header Authorization: Basic <client_id_and_client_secret_encoded_in_base64>
  • Include the Content-Type: application/x-www-form-urlencoded header in the request
  • In the payload, you need to fill the grant type:
    • grant_type filled with refresh_token — it's a constant value
    • refresh_token filled with the refresh token **previously stored in the client

Request example

Assuming your CLIENT_ID=your_client_id and CLIENT_SECRET=your_client_secret, an example of what your request should look like is shown below.

$ echo -n "your_client_id:your_client_secret" | base64
eW91cl9jbGllbnRfaWQ6eW91cl9jbGllbnRfc2VjcmV0

$ curl --location \
       --request POST 'https://gateway.remote.com/auth/oauth2/token' \
       --header 'Authorization: Basic eW91cl9jbGllbnRfaWQ6eW91cl9jbGllbnRfc2VjcmV0' \
       --header 'Content-Type: application/x-www-form-urlencoded' \
       --data-urlencode 'grant_type=refresh_token' \
       --data-urlencode 'refresh_token=84224550-dc8f-4153-a7cd-4f38c7ef90da'

{
  "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJo...",
  "refresh_token": "84224550-dc8f-4153-a7cd-4f38c7ef90da",
  "expires_in": 3600,
  "token_type": "Bearer"
}