Refresh token request
When you request an access token, it is possible to receive an additional token called a refresh token in the response. The refresh token can be used to request additional access tokens with identical or narrower scope.
Prerequisites​
In order to request a refresh token, you need to have an app configured in your Beyond Identity tenant with the Enable Refresh Tokens setting enabled.
If enabled, the create token response JSON object will contain an additional field called refresh_token, similar to RFC6749#4.1.4.
You can use that refresh token to obtain a new access token for the same identity with the same settings.
API​
Use a refresh token to obtain a new access token as follows:
Endpoints​
The request uses the app's /token endpoint:
https://auth-{us|eu}.beyondidentity.com/v1/tenants/{tenant_id}/realms/{realm_id}/applications/{application_id}/token
Create HTTP Request​
Create the HTTP request as follows:
Request URL
https://auth-{us|eu}.beyondidentity.com/v1/tenants/{tenant_id}/realms/{realm_id}/applications/{application_id}/token
Request method: POST
Request headers:
"content-type": "application/x-www-form-urlencoded"
Request body:
"grant_type": "refresh_token",
"refresh_token": "{refresh_token}"
where {refresh_token} is the base64 encoded refresh_token returned from the previous access token request
Example​
- Curl
- CSharp
- Dart
- Go
- Java
- Node
- Python
- Ruby
- Rust
/token1 2 3 4curl "https://auth-$(REGION).beyondidentity.com/v1/tenants/$(TENANT_ID)/realms/$(REALM_ID)/applications/$(APPLICATION_ID)/token" \ -X POST \ -H "Content-Type: application/x-www-form-urlencoded" \ -d "grant_type=refresh_token&refresh_token=$(REFRESH_TOKEN)"
/token/token/token/token/token/token/token/tokenYou can read more about refresh flow in RFC-6749#6