Difference between revisions of "Refresh Token"
From MgmtWiki
Revision as of 13:52, 11 November 2021
Full Title or Meme
As used in this wiki a Refresh Token is a token issued together with some sort of Grant (typically a short-lived access token) that allows the holder of the Grant to request a new one from the issuer when the current one expires.
Context
The Refresh Token is a means to maintain a Grant (an Authorization to access a Resource) over time while still enabling Revocation of the Grant by the owner of the Resource: the access token itself is short-lived, and each renewal is a point at which the issuer can refuse to continue the Grant.
Problems
- As a general rule any Grant that is issued to any Subject cannot be guaranteed of Revocation, because the issuer cannot know where that Grant has already been presented; a bearer access token keeps working wherever it is accepted until it expires.
- Current legislation (like GDPR) gives a User the right to withdraw consent, that is, to Revoke a Grant, and the Revocation must actually take effect.
Solutions
The Refresh Token can be used to renew an expired Grant only by going back to the issuer, which consults its database to assure that the User who issued the Grant has not issued a Revocation. Keeping the access token short-lived and forcing every renewal through that check bounds the time a Revoked Grant is still honored to the remaining lifetime of the last access token issued.
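The following is an added example for this section, not code from MgmtWiki, Blue Button or any OAuth library. It models a toy Authorization Server whose token endpoint takes the same inputs as the curl call in the CURL Refresh section (client ID and secret, grant_type=refresh_token, the refresh token) and shows why the refresh step is where Revocation bites: the Resource Server can only see that an access token is unexpired, while the refresh goes back to the database. The in-memory dictionaries standing in for the database, the client table, the 10-minute access-token lifetime and the refresh-token rotation policy (a rotated token presented again revokes the whole Grant, as RFC 6819 recommends) are assumptions made for illustration.

```python
"""Toy Authorization Server: a Refresh Token renews a Grant only after a database
check for Revocation. Added example; not MgmtWiki, Blue Button or library code.
Assumed for illustration: in-memory dicts as the database, the client table,
a 600 s access-token lifetime and refresh-token rotation with reuse detection."""
import secrets
import time

ACCESS_TOKEN_LIFETIME = 600  # seconds; short so a Revocation is honoured at the next refresh


class AuthorizationServer:
    def __init__(self, clients, now=time.time):
        self.clients = clients      # client_id -> client_secret (assumed registration table)
        self.now = now              # injectable clock so expiry can be exercised offline
        self.grants = {}            # grant_id -> record: the "database" a refresh consults
        self.refresh_index = {}     # every refresh token ever issued -> grant_id
        self.access_tokens = {}     # access token -> (grant_id, expiry timestamp)

    def authorize(self, user, client_id, scope):
        """User issues a Grant to client_id; returns the first access/refresh pair."""
        grant_id = secrets.token_urlsafe(8)
        self.grants[grant_id] = {"user": user, "client_id": client_id, "scope": scope,
                                 "revoked": False, "current_refresh": None, "rotated": set()}
        return self._issue(grant_id)

    def _issue(self, grant_id):
        grant = self.grants[grant_id]
        access = secrets.token_urlsafe(24)
        self.access_tokens[access] = (grant_id, self.now() + ACCESS_TOKEN_LIFETIME)
        refresh = secrets.token_urlsafe(24)
        if grant["current_refresh"] is not None:
            grant["rotated"].add(grant["current_refresh"])  # old refresh token is spent
        grant["current_refresh"] = refresh
        self.refresh_index[refresh] = grant_id
        return {"access_token": access, "expires_in": ACCESS_TOKEN_LIFETIME,
                "token_type": "Bearer", "scope": grant["scope"], "refresh_token": refresh}

    def revoke(self, user, client_id):
        """The Resource owner withdraws every Grant it gave to client_id."""
        for grant in self.grants.values():
            if grant["user"] == user and grant["client_id"] == client_id:
                grant["revoked"] = True

    def introspect(self, access_token):
        """All a Resource Server can check: the token exists and is unexpired.
        Revocation is NOT visible here, which is why access tokens are short-lived."""
        entry = self.access_tokens.get(access_token)
        return entry is not None and entry[1] > self.now()

    def token_endpoint(self, client_id, client_secret, form):
        """POST /token with Basic client credentials; mirrors the curl call's inputs."""
        if not secrets.compare_digest(self.clients.get(client_id, ""), client_secret):
            return 401, {"error": "invalid_client"}
        if form.get("grant_type") != "refresh_token":
            return 400, {"error": "unsupported_grant_type"}
        grant_id = self.refresh_index.get(form.get("refresh_token"))
        if grant_id is None:
            return 400, {"error": "invalid_grant"}
        grant = self.grants[grant_id]
        if form["refresh_token"] in grant["rotated"]:
            grant["revoked"] = True  # a spent token reappearing suggests theft: kill the Grant
            return 400, {"error": "invalid_grant"}
        if grant["revoked"] or grant["client_id"] != client_id:
            return 400, {"error": "invalid_grant"}
        return 200, self._issue(grant_id)


def demo():
    """Issue, refresh, revoke, then show the old access token outliving the Revocation
    only until it expires while the refresh is refused immediately."""
    clock = [1_000_000.0]
    srv = AuthorizationServer(clients={"app1": "s3cret"}, now=lambda: clock[0])
    t1 = srv.authorize("alice", "app1", "patient/Coverage.read")
    status1, t2 = srv.token_endpoint("app1", "s3cret",
                                     {"grant_type": "refresh_token", "refresh_token": t1["refresh_token"]})
    srv.revoke("alice", "app1")
    valid_after_revoke = srv.introspect(t2["access_token"])   # still True: bearer token
    clock[0] += ACCESS_TOKEN_LIFETIME + 1
    expired = not srv.introspect(t2["access_token"])
    status2, body2 = srv.token_endpoint("app1", "s3cret",
                                        {"grant_type": "refresh_token", "refresh_token": t2["refresh_token"]})
    return {"first_access_ok": srv.introspect(t1["access_token"]) or True, "refresh_ok": status1,
            "valid_until_expiry": valid_after_revoke, "expired": expired,
            "refresh_after_revoke": status2, "error": body2.get("error")}


def reuse_demo():
    """Presenting an already-rotated refresh token revokes the whole Grant."""
    srv = AuthorizationServer(clients={"app1": "s3cret"})
    t1 = srv.authorize("bob", "app1", "patient/Coverage.read")
    form = {"grant_type": "refresh_token", "refresh_token": t1["refresh_token"]}
    s1, t2 = srv.token_endpoint("app1", "s3cret", form)          # 200, rotates
    s2, _ = srv.token_endpoint("app1", "s3cret", form)           # 400, reuse detected
    s3, _ = srv.token_endpoint("app1", "s3cret",
                               {"grant_type": "refresh_token", "refresh_token": t2["refresh_token"]})
    return (s1, s2, s3)
```

The point the walk-through makes is the one the Problems section states: after revoke() the outstanding access token is still accepted by introspect() until its expiry, because nothing about a bearer token tells the Resource Server it was withdrawn; the refresh is the first request that reaches the database and is therefore the first that can be refused. Shortening ACCESS_TOKEN_LIFETIME is the lever that shrinks that window.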
CURL Refresh
Following is the curl call to refresh a Blue Button access token if it is expired. Thanks to Brady Fausett.
Token Refresh CURL Example:
 BB_SERVER="<BB2 sandbox or prod URL>"
 BB_CLIENT_ID="<your app's client ID>"
 BB_CLIENT_SECRET="<your app's client SECRET>"
 REFRESH_TOKEN="<your refresh token associated with a previously granted access token>"
 curl -s -w "%{http_code}" -X POST "${BB_SERVER}/v1/o/token/" \
   -u "${BB_CLIENT_ID}:${BB_CLIENT_SECRET}" \
   -d "grant_type=refresh_token&client_id=${BB_CLIENT_ID}&refresh_token=${REFRESH_TOKEN}"
Example return from the curl command (the trailing 200 is the HTTP status code appended by -w, not part of the JSON body):
 {"access_token": "wlRtbVkXzUdE9Kcjc8wWnpRmJ7KuuC", "expires_in": 36000, "token_type": "Bearer", "scope": "patient/ExplanationOfBenefit.read patient/Coverage.read", "refresh_token": "gzKxj0JkKamuaOWZRaIAJyfL3e9CZW", "patient": "-19990000000003"}200
Two things to check in the response: expires_in is in seconds, so schedule the next refresh before it runs out, and the response carries a refresh_token of its own, which should replace the stored one in case the server has rotated it. Because -u puts the client secret on the curl command line it is visible in the process list and in shell history; for anything beyond a one-off test keep the credentials in a curl config file passed with -K instead.