Page created: 30 Sep 2020 | Page updated: 30 Sep 2020
The following request is made by the client:
POST https://localhost:9031/as/token.oauth2 HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Authorization: Basic YWNfY2xpZW50OjJGZWRlcmF0ZQ==

grant_type=refresh_token&refresh_token=123...789
Note:
A token can only be refreshed with the same or a lesser scope than the original token issued. If the token is being refreshed with the same scope as the original request, the scope parameter can be omitted. If a greater scope is required, the client must re-authenticate the user.
A successful request results in a 200 OK HTTP response with the following JSON structure in the body of the response:
HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8

{
  "access_token":"aaa...ccc",
  "token_type":"Bearer",
  "expires_in":14400,
  "refresh_token":"456...321"
}
Note:
Depending on the PingFederate configuration, the client could be configured to roll the refresh token returned from a refresh token request, i.e. a new refresh token is returned and the original refresh token is invalidated.
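
The following is an added example, not PingFederate code: a client-side sketch of the two notes above, rejecting a refresh that asks for more scope than was originally granted and replacing the stored refresh token when a rolled one comes back. The function names and the scope values are hypothetical; the client credentials are the ones encoded in the Authorization header shown above.

```python
import base64
import json
from urllib.parse import urlencode

TOKEN_ENDPOINT = "https://localhost:9031/as/token.oauth2"  # endpoint from the page


def build_refresh_request(client_id, client_secret, refresh_token,
                          granted_scope, scope=None):
    """Return (headers, body) for a refresh_token grant (hypothetical helper).

    granted_scope: space-delimited scope of the original token.
    scope: optional narrower scope; omitted from the body when None.
    """
    form = {"grant_type": "refresh_token", "refresh_token": refresh_token}
    if scope is not None:
        extra = set(scope.split()) - set(granted_scope.split())
        if extra:
            # A wider scope needs the user to re-authenticate, so fail locally.
            raise ValueError("scope exceeds original grant: %s" % sorted(extra))
        form["scope"] = scope
    creds = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    headers = {"Content-Type": "application/x-www-form-urlencoded",
               "Authorization": "Basic " + creds}
    return headers, urlencode(form)


def apply_refresh_response(store, status, body):
    """Update the token store (a dict) from the token endpoint response."""
    if status != 200:
        raise RuntimeError("refresh failed with HTTP %d" % status)
    data = json.loads(body)
    if data.get("token_type", "").lower() != "bearer":
        raise RuntimeError("unexpected token_type")
    store["access_token"] = data["access_token"]
    store["expires_in"] = data["expires_in"]
    # Rolling refresh tokens: the old one is invalidated once a new one is
    # returned, so replace it immediately; otherwise keep the current one.
    if "refresh_token" in data:
        store["refresh_token"] = data["refresh_token"]
    return store
```

Persist the updated store before using the new access token, so that a crash between the two steps does not leave the client holding only an invalidated refresh token.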