Refresh Token

From MgmtWiki
Revision as of 13:50, 11 November 2021 by Tom (talk | contribs) (Solutions)

Jump to: navigation, search

Full Title or Meme

As used in this wiki a Refresh Token is one that is issued together with some sort of Grant that allows the holder of the Grant to request a new one when it expires.


The Refresh Token is a means to maintain a Grant or Authorization to access a Resource over time that enables Revocation of the Grant by the owner of the Resource.



The Refresh Token can be used to renew an expired Grant by going back to a database to assure that the User that issued the Grant has not issued a Revocation.

CURL Refresh

Following is the curl call to refresh access token if it is expired. Thanks to Brady Fausett.

Token Refresh CURL Example:BB_SERVER="<BB2 sandbox or prod URL>"
BB_CLIENT_ID="<your app's client ID>"
BB_CLIENT_SECRET="<your app's client SECRET>"REFRESH_TOKEN="<your refresh token associated with a previously granted access token>"curl -s -w "% 
{http_code}" -X POST "${BB_SERVER}/v1/o/token/" \
   -d "grant_type=refresh_token&client_id=${BB_CLIENT_ID}&refresh_token=${REFRESH_TOKEN}"EXAMPLE RETURN FROM CURL COMMAND:    {"access_token": 
"wlRtbVkXzUdE9Kcjc8wWnpRmJ7KuuC", "expires_in": 36000, "token_type": "Bearer", "scope": "patient/ patient/", 
"refresh_token": "gzKxj0JkKamuaOWZRaIAJyfL3e9CZW", "patient": "-19990000000003"}200