Getting an access token without resource owner permission using refresh token in subsequent attempts

About this task

When the access token expires and you want to access the same API, you must get another access token. If you have a refresh token, you can get a new access token without getting permission from the resource owner again.

Procedure

  1. Invoke the access token endpoint.

    Request: POST http://hostname/invoke/pub.oauth/refreshAccessToken

    In the Authorization tab, select the authorization type as Basic Auth. Provide the client ID as the username and the client secret as the password. You can get the client ID and client secret in the Authorization tab of the Application screen.

    Sample request body

    {
    "grant_type":"refresh_token",
    "refresh_token":"f78dd4fc5b8d4d799cf066427e828e26ce7e3723e4334416a7b9cd8a274e6947"
    }
    Note: Make sure that you replace the refresh token in the sample with the one that you got in Step 2 of the Getting an access token with resource owner permission use case.

    Sample response body

    {
    "grant_type": "refresh_token",
    "refresh_token": "f78dd4fc5b8d4d799cf066427e828e26ce7e3723e4334416a7b9cd8a274e6947",
    "scope": "TestRefreshtoken ",
    "access_token": "c102bcaebecf451ca705bf54d26fae732ea9790a0ff64a87a010b3875b4b8da2",
    "token_type": "Bearer",
    "expires_in": 3600
    }
  2. Access the API using the REST API client. In the Authorization tab, select the authorization type as Bearer Token and provide the access token that you get from the response payload of the previous step.
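
The two steps above as a script, for use outside a REST client. This is an added example, not part of the original documentation. The function names, the `Content-Type` header, the HTTPS-by-default check and the values in `SAMPLE_RESPONSE` are assumptions or constructed for illustration; the endpoint path and the JSON field names come from the samples above.

```python
import base64
import json
import time
import urllib.request
from urllib.parse import urlsplit

REFRESH_PATH = "/invoke/pub.oauth/refreshAccessToken"  # path from step 1

# Constructed sample with the same fields as the sample response body.
SAMPLE_RESPONSE = ('{"grant_type": "refresh_token", "refresh_token": "constructed-rt",'
                   ' "scope": "TestRefreshtoken ", "access_token": "constructed-at",'
                   ' "token_type": "Bearer", "expires_in": 3600}')


def build_refresh_request(base_url, client_id, client_secret, refresh_token,
                          allow_plain_http=False):
    """Build the POST from step 1: Basic Auth header plus JSON body."""
    # Assumption: plain http is refused unless explicitly allowed, because the
    # client secret and refresh token would cross the network unencrypted.
    if urlsplit(base_url).scheme != "https" and not allow_plain_http:
        raise ValueError("refusing to send client secret over a non-HTTPS URL")
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    body = json.dumps({"grant_type": "refresh_token",
                       "refresh_token": refresh_token}).encode()
    return urllib.request.Request(
        base_url.rstrip("/") + REFRESH_PATH, data=body, method="POST",
        headers={"Authorization": "Basic " + basic,
                 "Content-Type": "application/json"})


def parse_token_response(raw, now=None):
    """Validate the response body and return what step 2 needs."""
    doc = json.loads(raw)
    if doc.get("token_type", "").lower() != "bearer" or not doc.get("access_token"):
        raise ValueError("response does not carry a bearer access token")
    now = time.time() if now is None else now
    return {
        "authorization": "Bearer " + doc["access_token"],  # header for step 2
        "expires_at": now + int(doc["expires_in"]),        # refresh before this
        "refresh_token": doc.get("refresh_token"),         # store what came back
        "scope": doc.get("scope", "").strip(),
    }


def refresh(base_url, client_id, client_secret, refresh_token, **kw):
    """Send the request (needs a reachable gateway) and parse the reply."""
    req = build_refresh_request(base_url, client_id, client_secret, refresh_token, **kw)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return parse_token_response(resp.read())
```

Keep the client secret and refresh token out of source control and logs; anyone holding both can mint access tokens until the refresh token is revoked.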