Access tokens are set to be short-lived, after which new tokens can be requested in exchange for a refresh_token. To refresh an access_token, send a POST HTTP request to the token endpoint, but use the refresh_token in place of the Authorization Code (code).
Authorisation Code Flow Only
Refresh tokens are only provided when using the Authorization Code Flow. If you are using Client Credentials Flow, simply request a new access token.
Prerequisite A
You have the following information:
- Client Id (client_id)
- Client Secret (client_secret)
- Refresh Token (refresh_token) [_from previous successful Get Access Token response_]
You only need to make a single HTTP POST request to the Token Endpoint with the specified key-value parameters within the body.
Refresh Access Token - Request
Token Endpoint
https://login.microsoftonline.com/7d548d61-6361-4a6e-85e6-509e2c05d05e/oauth2/v2.0/token
Request Body Content-Type
application/x-www-form-urlencoded
Request Example
POST /7d548d61-6361-4a6e-85e6-509e2c05d05e/oauth2/v2.0/token HTTP/1.1
Host: login.microsoftonline.com
Content-Type: application/x-www-form-urlencoded

client_id={client_id}
&client_secret={client_secret}
&refresh_token={refresh_token}
&scope=api%3A%2F%2Fperspiotalk%2Fall_readwrite%20offline_access
&grant_type=refresh_token
Request Parameters
Body Parameter | Required | Value |
---|---|---|
client_id | Required | From created API application in Perspio |
client_secret | Required | From created API application in Perspio |
refresh_token | Required | From successful Get Access Token response |
scope | Optional | api://perspiotalk/all_readwrite offline_access |
grant_type | Required | refresh_token |
Refresh Access Token - Response
Response Example
{
"access_token": "eyBYY...",
"token_type": "Bearer",
"expires_in": 3599,
"scope": "api%3A%2F%2Fperspiotalk%2Fall_readwrite",
"refresh_token": "AwBB...",
"id_token": "eyJ0..."
}
Response Properties
Response Properties | Description |
---|---|
access_token | Access token that can be used to access PerspioTalk resources/operations |
token_type | The only type supported is Bearer |
expires_in | Token expiry period |
scope | The scopes that the access is valid for. |
refresh_token | This refresh token can now be used instead of the original to fetch a new access token. |
id_token | JWT that can be used to decode user information |
Refresh tokens typically have a relatively long lifetime. However, in some cases, refresh tokens expire, are revoked, or lack sufficient privileges for the action. In such cases, the application needs to expect and handle errors returned.
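A refresh client that covers both points above: it replaces the stored refresh token with the one returned, and it treats the standard OAuth 2.0 `invalid_grant` error as a signal to restart the Authorization Code Flow. This is an added example, not Perspio's own code; the function names, the `ReauthRequired` exception and the in-memory `store` dict are assumptions, while the endpoint and scope are the ones shown on this page.

```python
import json
import urllib.error
import urllib.parse
import urllib.request

TOKEN_URL = ("https://login.microsoftonline.com/"
             "7d548d61-6361-4a6e-85e6-509e2c05d05e/oauth2/v2.0/token")
SCOPE = "api://perspiotalk/all_readwrite offline_access"

class ReauthRequired(Exception):
    """Refresh token expired or revoked; restart the Authorization Code Flow."""

def build_refresh_body(client_id, client_secret, refresh_token):
    # urlencode percent-encodes each value, so pass the scope raw and unquoted.
    return urllib.parse.urlencode({
        "client_id": client_id,
        "client_secret": client_secret,
        "refresh_token": refresh_token,
        "scope": SCOPE,
        "grant_type": "refresh_token",
    }).encode("ascii")

def apply_token_response(status, payload, store):
    """Update the (hypothetical) token store from a response; raise on failure."""
    if status == 200 and "access_token" in payload:
        store["access_token"] = payload["access_token"]
        store["expires_in"] = payload.get("expires_in")
        # Rotation: the returned refresh token supersedes the one just used.
        store["refresh_token"] = payload.get("refresh_token", store["refresh_token"])
        return store
    error = payload.get("error", "unknown_error")
    if error == "invalid_grant":
        store.pop("refresh_token", None)  # do not retry a dead refresh token
        raise ReauthRequired(error)
    # Report only the error code; never log request or response bodies.
    raise RuntimeError(f"token refresh failed: HTTP {status} {error}")

def refresh(client_id, client_secret, store):
    body = build_refresh_body(client_id, client_secret, store["refresh_token"])
    req = urllib.request.Request(TOKEN_URL, data=body, method="POST", headers={
        "Content-Type": "application/x-www-form-urlencoded"})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            status, raw = resp.status, resp.read()
    except urllib.error.HTTPError as exc:  # 4xx/5xx carry a JSON error body
        status, raw = exc.code, exc.read()
    return apply_token_response(status, json.loads(raw), store)
```

In a real application the `store` would be persistent, access-controlled storage, since the refresh token and client secret are long-lived credentials.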
Congratulations
A valid access token and refresh token can now be found in the JSON response properties of a successful response payload.