Once you have implemented the Authorization Code flow and you've received a refresh_token it will stay alive for 14 days. In this period of time you can use this refresh_token to generate a new access_token as the access_token will only be alive for 20 minutes. This page will show you how you can use the refresh_token to obtain a new access_token. The response you will receive also contains a new refresh token. This new refresh_token will stay alive for 14 days again.
Please treat the refresh_token like a password. Store it safely in your database for future use.
Call the Unified Login server side as shown below using TLS (with extra line breaks for display purposes only):
POST /OAuth/token HTTP/1.1 Host: platform.AdultWork.com Content-Type: application/x-www-form-urlencoded grant_type=refresh_token &client_id={your-client-id} &client_secret={your-client-secret} &refresh_token={your-refresh-token}
The Unified Login validates the request to ensure that all required parameters are present and valid. The Unified Login will verify that the client_id and client_secret matches the values located in the project details page under the Unified Login tab.
If the request is valid, the Unified Login will check if the user did not revoke any scopes and creates a new response.
If the user did not revoke any scopes for your application, the Unified Login creates a new response:
An example of a successful response:
HTTP/1.1 200 OK Content-Type: application/json;charset=UTF-8 Cache-Control: no-store Pragma: no-cache { "access_token":"2YotnFZFEjr1zCsicMWpAA", "token_type":"bearer", "expires_in":3600, "refresh_token": "3Vtn6eOPE123Dl1JoMiQBBQC" }
An example of a unsuccessful response:
HTTP/1.1 401 Unauthorized Content-Type: application/json;charset=UTF-8 Cache-Control: no-store Pragma: no-cache { "error":"refresh_token_has_expired" }