The following request is made by the client:



POST https://localhost:9031/as/token.oauth2 HTTP/1.1

Content-Type: application/x-www-form-urlencoded

Authorization: Basic YWNfY2xpZW50OjJGZWRlcmF0ZQ==

grant_type=refresh_token&refresh_token=123...789
      
Note: A token can only be refreshed with the same or a lesser scope than the original token issued. If the token is being refreshed with the same scope as the original request, the scope parameter can be omitted. If a greater scope is required, the client must re-authenticate the user.

A successful response to this message will result in a 200 OK HTTP response and the following JSON structure in the body of the response:



HTTP/1.1 200 OK

Content-Type: application/json;charset=UTF-8

{
  "access_token":"aaa...ccc",
  "token_type":"Bearer",
  "expires_in":14400,
  "refresh_token":"456...321"
}
      
Note: Depending on the PingFederate configuration, the client could be configured to roll the refresh token returned from a refresh token request. i.e. a new refresh token is returned and the original refresh token is invalidated.