Refresh Access Token

This guide explains how to refresh an access token.

An access token has a limited lifetime and the application (client) must ensure that the access token is still valid before using it to access the resources. When the access token has expired, the application (client) must obtain a new access token to continue accessing the resources.

Reference: https://oauth.net/2/grant-types/refresh-token/

Preliminary requirements

  • The refresh token must be valid and not expired. A refresh token has a long lifetime (30 days), but the user or the Terradue IAM service can revoke it at any time.
  • The application (client) must be registered in the Terradue IAM service and have obtained a client ID and a client secret. This is required to authenticate the application (client) with the Terradue IAM service and to obtain the access token.

Refresh the access token

The access token is refreshed by sending a POST request to the token endpoint of the Terradue IAM service. The request must contain the following parameters:

  • client_id: The client ID of the application (client).
  • client_secret: The client secret of the application (client).
  • grant_type: The value must be refresh_token.
  • refresh_token: The refresh token that was issued together with the access token.

The following is an example of a POST request to refresh the access token:

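POST /realms/master/protocol/openid-connect/token HTTP/1.1
Host: iam.terradue.com
Content-Type: application/x-www-form-urlencoded

client_id=client1&client_secret=client1-secret&grant_type=refresh_token&refresh_token={refresh_token}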

An implementation of the request using the curl command is shown below:

curl -X POST "https://iam.terradue.com/realms/master/protocol/openid-connect/token" \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "client_id=client1" \
  -d "client_secret=client1-secret" \
  -d "grant_type=refresh_token" \
  -d "refresh_token={refresh_token}"

The response to the request contains the refreshed access token. The following is an example of a response:

{
   "access_token" : ".....",
   "refresh_token" : ".....",
   "expires_in" : "...."
}
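
Client-side handling of the flow above, as an added example that is not Terradue's own code: it refreshes shortly before expiry, keeps the refresh_token returned in the response, and treats a rejected refresh token (expired or revoked) as a signal to log in again. The function names, the 30-second margin and the expires_at field are assumptions of this example, as is the service answering a rejected refresh token with the RFC 6749 invalid_grant error.

```python
import json
import time
import urllib.error
import urllib.parse
import urllib.request

# Endpoint from the guide; function names, margin and "expires_at" are this example's own.
TOKEN_URL = "https://iam.terradue.com/realms/master/protocol/openid-connect/token"


class ReauthenticationRequired(Exception):
    """The refresh token was rejected (expired or revoked): the user must log in again."""


def http_post_form(url, fields):
    """POST form-encoded fields; return (HTTP status, parsed JSON body)."""
    req = urllib.request.Request(url, data=urllib.parse.urlencode(fields).encode())
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, json.load(resp)
    except urllib.error.HTTPError as err:  # OAuth errors arrive as JSON with a 4xx status
        return err.code, json.loads(err.read() or b"{}")


def refresh(tokens, client_id, client_secret, post=http_post_form, now=time.time):
    """Exchange tokens["refresh_token"] for a new token set, with "expires_at" added."""
    fields = {"grant_type": "refresh_token", "refresh_token": tokens["refresh_token"],
              "client_id": client_id, "client_secret": client_secret}
    status, body = post(TOKEN_URL, fields)
    if status == 400 and body.get("error") == "invalid_grant":  # assumed RFC 6749 behaviour
        raise ReauthenticationRequired(body.get("error_description", "refresh token rejected"))
    if status != 200:
        raise RuntimeError(f"token endpoint returned HTTP {status}")
    # Store the refresh token from the response; fall back to the old one if none is sent.
    body.setdefault("refresh_token", tokens["refresh_token"])
    body["expires_at"] = now() + int(body["expires_in"])  # expires_in is in seconds
    return body


def ensure_fresh(tokens, client_id, client_secret, margin=30, post=http_post_form, now=time.time):
    """Return tokens unchanged while valid; refresh when they expire within `margin` seconds."""
    if now() >= tokens["expires_at"] - margin:
        return refresh(tokens, client_id, client_secret, post, now)
    return tokens
```

Persist the returned token set in place of the old one before using it, and keep both tokens and the client secret out of logs.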