Difference between revisions of "Refresh Token"

From MgmtWiki
Latest revision as of 13:53, 11 November 2021

Full Title or Meme

As used in this wiki, a Refresh Token is a token issued together with some sort of Grant that allows the holder of the Grant to request a new one when it expires.

Context

The Refresh Token is a means to maintain a Grant or Authorization to access a Resource over time while enabling Revocation of the Grant by the owner of the Resource.

Problems

Solutions

The Refresh Token can be used to renew an expired Grant by going back to a database to confirm that the User that issued the Grant has not issued a Revocation.

CURL Refresh

Following is the curl call to refresh a Blue Button access token if it is expired. Thanks to Brady Fausett. It is based on a request for a sample or doc showing how to get a new access token using the refresh token when the previous one is expired. Currently there is no sample call available in the Blue Button docs for getting a new access token if it is expired. Instead, we need to repeat the whole process of authenticating the beneficiary in order to get a new token.

Token Refresh CURL Example:

BB_SERVER="<BB2 sandbox or prod URL>"
BB_CLIENT_ID="<your app's client ID>"
BB_CLIENT_SECRET="<your app's client SECRET>"
REFRESH_TOKEN="<your refresh token associated with a previously granted access token>"

# POST the refresh grant; -w "%{http_code}" prints the HTTP status right after the response body.
curl -s -w "%{http_code}" -X POST "${BB_SERVER}/v1/o/token/" \
   -u "${BB_CLIENT_ID}:${BB_CLIENT_SECRET}" \
   -d "grant_type=refresh_token&client_id=${BB_CLIENT_ID}&refresh_token=${REFRESH_TOKEN}"

EXAMPLE RETURN FROM CURL COMMAND:

{"access_token": "wlRtbVkXzUdE9Kcjc8wWnpRmJ7KuuC", "expires_in": 36000, "token_type": "Bearer", "scope": "patient/ExplanationOfBenefit.read patient/Coverage.read", "refresh_token": "gzKxj0JkKamuaOWZRaIAJyfL3e9CZW", "patient": "-19990000000003"}200
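The curl call above returns the JSON body with the HTTP status appended directly after it, so a client has to split the two before trusting the tokens. The following is an added example, not part of the original wiki page or the Blue Button docs, that does this split, accepts only a 200 response and stores the new token pair in an owner-only file. The function names and sample responses are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample outputs in the "<body><status>" shape produced by curl -w "%{http_code}".
SAMPLE_OK='{"access_token": "AT-constructed-0001", "expires_in": 36000, "token_type": "Bearer", "refresh_token": "RT-constructed-0002"}200'
SAMPLE_DENIED='{"error": "invalid_grant"}400'

# Split "<body><status>" into BODY and STATUS (the last three characters).
split_response() {
    resp=$1
    BODY=${resp%???}
    STATUS=${resp#"$BODY"}
}

# Pull one string field out of the flat JSON body. Assumption: values contain no
# escaped quotes, as in the samples; use a real JSON parser such as jq in production.
json_field() {
    printf '%s' "$1" | sed -n 's/.*"'"$2"'": *"\([^"]*\)".*/\1/p'
}

# Accept the response only on HTTP 200 with both tokens present, then write the
# new pair to file $2, readable by the owner only. Returns non-zero otherwise.
save_refreshed_tokens() {
    split_response "$1"
    [ "$STATUS" = "200" ] || { echo "refresh failed: HTTP $STATUS" >&2; return 1; }
    access=$(json_field "$BODY" access_token)
    refresh=$(json_field "$BODY" refresh_token)
    [ -n "$access" ] && [ -n "$refresh" ] || { echo "token missing in response" >&2; return 1; }
    (
        umask 077            # new file is created with mode 0600
        rm -f -- "$2"        # drop any older file that may have wider permissions
        printf 'ACCESS_TOKEN=%s\nREFRESH_TOKEN=%s\n' "$access" "$refresh" > "$2"
    )
}

# Demo on the constructed samples; the token values are never echoed to the terminal.
demo_file=$(mktemp)
save_refreshed_tokens "$SAMPLE_OK" "$demo_file" && echo "stored new token pair"
save_refreshed_tokens "$SAMPLE_DENIED" "$demo_file.bad" || echo "rejected non-200 response"
rm -f "$demo_file"
```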

References