Refresh Token Flow

Requesting an access_token using the refresh_token is similar to other requests made to the /token endpoint. This time though, the grant_type is refresh_token, and the refresh_token is sent instead of the code. Here is a breakdown of this flow:

  • Send a POST request to https://gateway.remote.com/auth/oauth2/token
  • Include an Authorization header that uses HTTP Basic authentication, with the credentials encoded in Base64:
    • Encode in Base64 both credentials separated by a colon (:) as shown here — <client_id>:<client_secret>
    • Use the header Authorization: Basic <client_id_and_client_secret_encoded_in_base64>
  • Include the Content-Type: application/x-www-form-urlencoded header in the request
  • In the payload, fill in the following fields:
    • grant_type filled with refresh_token — it's a constant value
    • refresh_token filled with the refresh token previously stored in the client

Assuming your CLIENT_ID=your_client_id and CLIENT_SECRET=your_client_secret, an example of what your request should look like is shown below.

$ echo -n "your_client_id:your_client_secret" | base64
eW91cl9jbGllbnRfaWQ6eW91cl9jbGllbnRfc2VjcmV0

$ curl --location \
       --request POST 'https://gateway.remote.com/auth/oauth2/token' \
       --header 'Authorization: Basic eW91cl9jbGllbnRfaWQ6eW91cl9jbGllbnRfc2VjcmV0' \
       --header 'Content-Type: application/x-www-form-urlencoded' \
       --data-urlencode 'grant_type=refresh_token' \
       --data-urlencode 'refresh_token=84224550-dc8f-4153-a7cd-4f38c7ef90da'

{
  "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJo...",
  "refresh_token": "84224550-dc8f-4153-a7cd-4f38c7ef90da",
  "expires_in": 3600,
  "token_type": "Bearer"
}
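
The same request as a reusable shell function, added here as an example and not taken from Remote's documentation or code. It strips the line wraps that GNU base64 adds for long credentials and hands the options to curl through --config - on stdin, so the encoded client secret and the refresh token do not appear in curl's argument list. The function names and the refresh-token character allowlist are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not Remote's own code; function names are hypothetical.

TOKEN_URL='https://gateway.remote.com/auth/oauth2/token'

# Print "Basic <base64(client_id:client_secret)>".
# printf replaces the non-portable `echo -n`; tr removes the line breaks
# GNU base64 inserts every 76 characters, which would corrupt the header
# when the credentials are long.
basic_auth_value() {
  printf 'Basic %s' "$(printf '%s:%s' "$1" "$2" | base64 | tr -d '\n')"
}

# Print a curl config file for the refresh request.
# Args: client_id client_secret refresh_token
refresh_curl_config() {
  # Assumption: tokens use only these characters (the page's sample is a
  # UUID). Anything else could break out of the quoted config value.
  case $3 in
    '' | *[!A-Za-z0-9._~+/=-]*)
      echo 'refresh token is empty or has unexpected characters' >&2
      return 1 ;;
  esac
  printf 'url = "%s"\n' "$TOKEN_URL"
  printf 'header = "Authorization: %s"\n' "$(basic_auth_value "$1" "$2")"
  printf 'header = "Content-Type: application/x-www-form-urlencoded"\n'
  # data-urlencode options make curl send a POST with a form body.
  printf 'data-urlencode = "grant_type=refresh_token"\n'
  printf 'data-urlencode = "refresh_token=%s"\n' "$3"
}

# Send the request and print the JSON response. The config travels over
# stdin, so the secrets never show up in curl's argv (visible via ps).
# --fail turns an HTTP error status into a non-zero exit code.
refresh_access_token() {
  cfg=$(refresh_curl_config "$@") || return 1
  printf '%s\n' "$cfg" | curl --silent --show-error --fail --config -
}
```

Call it as refresh_access_token "$CLIENT_ID" "$CLIENT_SECRET" "$REFRESH_TOKEN", with the three values loaded from a secret store or environment rather than typed inline.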