Refresh access tokens

Once you have implemented the Authorization Code flow and received a refresh_token, that refresh_token stays alive for 14 days. Because the access_token is only alive for 20 minutes, you use the refresh_token during this period to generate a new access_token. This page shows how to use the refresh_token to obtain a new access_token. The response also contains a new refresh_token, which again stays alive for 14 days.

Please treat the refresh_token like a password. Store it safely in your database for future use.

 

The request

Call the Unified Login server side as shown below using TLS (with extra line breaks for display purposes only):

POST /OAuth/token HTTP/1.1
Host: platform.AdultWork.com
Content-Type: application/x-www-form-urlencoded

grant_type=refresh_token
&client_id={your-client-id}
&client_secret={your-client-secret}
&refresh_token={your-refresh-token}

 

The Unified Login validates the request to ensure that all required parameters are present and valid. It verifies that the client_id and client_secret match the values shown on the project details page under the Unified Login tab.

If the request is valid, the Unified Login checks that the user has not revoked any scopes and creates a new response.

 

The response

If the user did not revoke any scopes for your application, the Unified Login creates a new response:

  • access_token
    • The new access_token you can use to call the API.
  • token_type
    • bearer.
  • expires_in
    • The time in seconds that the access_token will stay valid.
  • refresh_token
    • The new refresh_token. Please treat the refresh_token like a password. Store it safely in your database for future use.

 

An example of a successful response: 

HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
Cache-Control: no-store
Pragma: no-cache

{
   "access_token":"2YotnFZFEjr1zCsicMWpAA",
   "token_type":"bearer",
   "expires_in":3600,
   "refresh_token":"3Vtn6eOPE123Dl1JoMiQBBQC"
}

 

 

An example of an unsuccessful response:

HTTP/1.1 401 Unauthorized
Content-Type: application/json;charset=UTF-8
Cache-Control: no-store
Pragma: no-cache

{
   "error":"refresh_token_has_expired"
}
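
The request and both responses above, handled server side, as an added example that is not part of the original documentation. The function names, the ReauthorizationRequired exception and the store dict (standing in for your database row) are assumptions, as is the https:// URL composed from the Host and path shown in the request; only the refresh_token_has_expired error shown on this page is treated specially.

```python
import json
import time
import urllib.error
import urllib.request
from urllib.parse import urlencode

TOKEN_URL = "https://platform.AdultWork.com/OAuth/token"  # host and path from the request above

class ReauthorizationRequired(Exception):
    """The refresh_token is no longer usable; rerun the Authorization Code flow."""

def build_refresh_body(client_id, client_secret, refresh_token):
    # urlencode escapes '&' and '=' so a secret cannot spill into another parameter.
    return urlencode({"grant_type": "refresh_token", "client_id": client_id,
                      "client_secret": client_secret, "refresh_token": refresh_token})

def apply_token_response(status, raw_body, store, now=None):
    """Rotate the tokens in `store` (a dict standing in for the database row)."""
    now = time.time() if now is None else now
    try:
        data = json.loads(raw_body)
        if not isinstance(data, dict):
            raise ValueError("not a JSON object")
    except ValueError:
        raise RuntimeError(f"unparseable token response (HTTP {status})") from None
    if status != 200:
        error = str(data.get("error", "unknown_error"))
        if error == "refresh_token_has_expired":
            store.pop("refresh_token", None)  # do not retry with a dead token
            raise ReauthorizationRequired(error)
        raise RuntimeError(f"token endpoint returned HTTP {status}: {error}")
    required = ("access_token", "token_type", "expires_in", "refresh_token")
    if any(k not in data for k in required) or str(data["token_type"]).lower() != "bearer":
        raise RuntimeError("malformed token response")
    # Replace both tokens in one step; error messages never include token values.
    store.update(access_token=data["access_token"], refresh_token=data["refresh_token"],
                 access_expires_at=now + int(data["expires_in"]))
    return store

def refresh(store, client_id, client_secret):
    """Send the refresh request over TLS and rotate the stored tokens."""
    body = build_refresh_body(client_id, client_secret, store["refresh_token"]).encode()
    req = urllib.request.Request(TOKEN_URL, data=body, method="POST",
                                 headers={"Content-Type": "application/x-www-form-urlencoded"})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            status, raw = resp.status, resp.read()
    except urllib.error.HTTPError as err:  # 401 etc. still carry the JSON error body
        status, raw = err.code, err.read()
    return apply_token_response(status, raw, store)
```

Call refresh() shortly before access_expires_at is reached, and persist store in the same transaction that uses the new access_token so the new refresh_token is never lost.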