Refresh Token

A refresh token is issued by the authorization server for an authorization code flow. When the current access token expires or is invalid, a refresh token is used. When the authorization server issues the access token, optionally the server can issue the refresh token.

To refresh an access token generated for access token, use the following endpoint:

Refresh Token Endpoint
Method URL
POST http://ASGServerHost:httpPort/asg/oauth2/access_token?grant_type=refresh_token&client_id=CLIENT_ID_VALUE&client_secret=CLIENT_SECRET_VALUE&refresh_token=REFRESH_TOKEN

For example,

http://demoserverapi.tibco.com:9322/asg/oauth2/access_token?grant_type=refresh_token&client_id=237-924f4a26-f1a5-4934-a17a-69c22bd52dbe&client_secret=809950e0-c21c-4f84-8dab-239dba1c3187&refresh_token=T1amGT21.Idup.3446d8984b48a7c0c531267317334ea7

where,

  • ASGServerHost is the machine running the Core Engine..
  • httpPort is the port value for HTTP transport.
  • CLIENT_ID_VALUE is the client ID of the registered application.
  • CLIENT_SECRET_VALUE is the client secret of the registerted application.
  • REFRESH_TOKEN is the access token to be refreshed.

Sample Response (Refresh Token)

The following is a sample response for refresh_token request: 

{
    "expires_in": 3600,
    "token_type": "Bearer",
    "refresh_token": "T1amGR21.IdKM.dee72962103d707169e6e51d7fd5b58",
    "access_token": "T1amGT21.Idup.e684f84d18e4bedec955c75482acef9"
}