Difference between revisions of "Refresh Token"

Revision as of 13:52, 11 November 2021

Full Title or Meme

As used in this wiki a Refresh Token is one that is issued together with some sort of Grant that allows the holder of the Grant to request a new one when it expires.

Context

The Refresh Token is a means to maintain a Grant or Authorization to access a Resource over time that enables Revocation of the Grant by the owner of the Resource.

Problems

• As a general rule any Grant that is issued to any Subject cannot be guaranteed of Revocation because it is not possible to know where that Grant has been used.
• Current legislation (like GDPR) gives a User a right to Revocation of Grants.

Solutions

The Refresh Token can be used to renew an expired Grant by going back to a database to assure that the User that issued the Grant has not issued a Revocation.

CURL Refresh

Following is the curl call to refresh a Blue Button access token if it is expired. Thanks to Brady Fausett.

Token Refresh CURL Example:BB_SERVER="<BB2 sandbox or prod URL>"
BB_CLIENT_ID="<your app's client ID>"
BB_CLIENT_SECRET="<your app's client SECRET>"REFRESH_TOKEN="<your refresh token associated with a previously granted access token>"curl -s -w "% 
{http_code}" -X POST "${BB_SERVER}/v1/o/token/" \
   -u "${BB_CLIENT_ID}:${BB_CLIENT_SECRET}" \
   -d "grant_type=refresh_token&client_id=${BB_CLIENT_ID}&refresh_token=${REFRESH_TOKEN}"EXAMPLE RETURN FROM CURL COMMAND:    {"access_token": 
"wlRtbVkXzUdE9Kcjc8wWnpRmJ7KuuC", "expires_in": 36000, "token_type": "Bearer", "scope": "patient/ExplanationOfBenefit.read patient/Coverage.read", 
"refresh_token": "gzKxj0JkKamuaOWZRaIAJyfL3e9CZW", "patient": "-19990000000003"}200

References