Refresh token functionality allows to get next access token without providing credentials.\nTo get new access token client in initial call provides client credentials with password and as return get long living\naccess_token which may be used to obtain multiple access tokens.
\nobtaining access token would always return refresh_token (refresh_token would be the same unless it would expire before current access_token)
\nexample request:
\ncurl -X POST \"APIENDPOINT/auth/6/app\" -H \"Content-Type: application/json\" -d \"{ \\\"client_id\\\": \\\"c01234567890abcdefghijklm_c01234567890abcdefghijklm\\\", \\\"client_secret\\\": \\\"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890ABCD\\\", \\\"username\\\": \\\"user@company.co\\\", \\\"password\\\": \\\"12345678\\\"}\"example response:
\n{\n \"_TOKEN\": \"eyJhbGciOiJSUzI1NiJ9.eyJleHAiOjE1ODg5MjY5OTcsInN1YiI6ImlkZW50aXR5SWQiLCJkYXRhIjp7InRlYW1zIjpbInRlYW1JZDEsIHRlYW1JZDIiXSwiZGVmYXVsdC1zY29wZSI6ImRlZmF1bHRTY29wZUlkIiwib3JnYW5pemF0aW9uIjoib3JnYW5pemF0aW9uSWQiLCJfQVBQTElDQVRJT04iOiJhcHBsaWNhdGlvbklkIiwiX0lERU5USVRZX0lEIjoiaWRlbnRpdHlJZCIsImV4cGlyZXMtYXQiOjE1ODg5MjY5OTc0NjgsIl9JREVOVElUWSI6ImlkZW50aXR5TmFtZSIsImNyZWF0ZWQtb24iOjE1ODg5MjY5ODc0NjgsImRlZmF1bHQtdGVhbSI6ImRlZmF1bHRUZWFtSWQifSwiaXNzIjoiaHR0cHM6XC9cL2FyYWdvLmNvIiwiYXVkIjoiYXBwbGljYXRpb25JZCIsImlhdCI6MTU4ODkyNjk4N30.$SIGNATURE\",\n \"_APPLICATION\": \"c1234567890abcdefghijklmn_c1234567890abcdefghijklmn\",\n \"_IDENTITY\": \"user@company.co\",\n \"_IDENTITY_ID\": \"c1234567890abcdefghijklmn_c1234567890abcdefghijklmn\",\n \"expires-at\": 1577711870081,\n \"refresh-token\": \"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890ABCD\",\n \"type\": \"Bearer\"\n}obtaining token using refresh_token
\nexample request:
\ncurl -X POST \"APIENDPOINT/auth/6/refresh\" -H \"Content-Type: application/json\" -d \"{ \\\"client_id\\\": \\\"c01234567890abcdefghijklm_c01234567890abcdefghijklm\\\", \\\"client_secret\\\": \\\"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890ABCD\\\", \\\"refresh_token\\\": \\\"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890ABCD\\\"}\"example response:
\n{\n \"_TOKEN\": \"eyJhbGciOiJSUzI1NiJ9.eyJleHAiOjE1ODg5MjY5OTcsInN1YiI6ImlkZW50aXR5SWQiLCJkYXRhIjp7InRlYW1zIjpbInRlYW1JZDEsIHRlYW1JZDIiXSwiZGVmYXVsdC1zY29wZSI6ImRlZmF1bHRTY29wZUlkIiwib3JnYW5pemF0aW9uIjoib3JnYW5pemF0aW9uSWQiLCJfQVBQTElDQVRJT04iOiJhcHBsaWNhdGlvbklkIiwiX0lERU5USVRZX0lEIjoiaWRlbnRpdHlJZCIsImV4cGlyZXMtYXQiOjE1ODg5MjY5OTc0NjgsIl9JREVOVElUWSI6ImlkZW50aXR5TmFtZSIsImNyZWF0ZWQtb24iOjE1ODg5MjY5ODc0NjgsImRlZmF1bHQtdGVhbSI6ImRlZmF1bHRUZWFtSWQifSwiaXNzIjoiaHR0cHM6XC9cL2FyYWdvLmNvIiwiYXVkIjoiYXBwbGljYXRpb25JZCIsImlhdCI6MTU4ODkyNjk4N30.$SIGNATURE\",\n \"_APPLICATION\": \"c1234567890abcdefghijklmn_c1234567890abcdefghijklmn\",\n \"_IDENTITY\": \"user@company.co\",\n \"_IDENTITY_ID\": \"c1234567890abcdefghijklmn_c1234567890abcdefghijklmn\",\n \"expires-at\": 1577711870081,\n \"type\": \"Bearer\"\n}if trying to refresh token using expired one it would return 401 and then one shall obtain fresh one
\naccess_token = 1h
\nrefresh_token = 24h
\nRevocation of refresh token works same way as for access token
\n