This is the 8th day of my participation in the August Text Challenge.

Refreshing the token (Refresh Token)

A refresh token is a credential used to obtain access tokens. The authorization server issues it to the client so that the client can obtain a new access token when the current one becomes invalid or expires, or obtain additional access tokens with the same or a narrower scope (an access token may have a shorter lifetime and fewer permissions than the resource owner authorized). Issuing refresh tokens is optional, at the discretion of the authorization server.

Process

    +--------+                                           +---------------+
    |        |--(A)------- Authorization Grant --------->|               |
    |        |                                           |               |
    |        |<-(B)----------- Access Token -------------|               |
    |        |               & Refresh Token             |               |
    |        |                                           |               |
    |        |                            +----------+   |               |
    |        |--(C)---- Access Token ---->|          |   |               |
    |        |                            |          |   |               |
    |        |<-(D)- Protected Resource --| Resource |   | Authorization |
    | Client |                            |  Server  |   |     Server    |
    |        |--(E)---- Access Token ---->|          |   |               |
    |        |                            |          |   |               |
    |        |<-(F)- Invalid Token Error -|          |   |               |
    |        |                            +----------+   |               |
    |        |                                           |               |
    |        |--(G)----------- Refresh Token ----------->|               |
    |        |                                           |               |
    |        |<-(H)----------- Access Token -------------|               |
    +--------+           & Optional Refresh Token        +---------------+

(A) The client requests an access token by authenticating with the authorization server and presenting an authorization grant.

(B) The authorization server authenticates the client and validates the authorization grant and, if valid, issues an access token and a refresh token.

(C) The client makes a protected resource request to the resource server by presenting the access token.

(D) The resource server validates the access token and, if valid, serves the request.

(E) Steps (C) and (D) repeat until the access token expires. If the client knows that the access token has expired, it skips to step (G); otherwise, it makes another protected resource request.

(F) The resource server returns an invalid token error because the access token is invalid.

(G) The client requests a new access token by authenticating with the authorization server and presenting the refresh token. Whether client authentication is required depends on the client type and on the authorization server's policy.

Request parameters:

| Parameter | Description | Required | Note |
| --- | --- | --- | --- |
| grant_type | Grant type | Mandatory | Must be `refresh_token` |
| refresh_token | The refresh token issued to the client | Mandatory | The value is case insensitive |
| scope | Scope | Optional | |

Because a refresh token is usually a long-lived credential used to request additional access tokens, it is bound to the client to which it was issued. If the client credentials mode is used, choosing another form of authentication is recommended.

Example request:

    POST /token HTTP/1.1
    Host: server.example.com
    Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW
    Content-Type: application/x-www-form-urlencoded

    grant_type=refresh_token&refresh_token=tGzv3JOkF0XG5Qx2TlKWIA

(H) The authorization server authenticates the client and validates the refresh token and, if valid, issues a new access token (and, optionally, a new refresh token).

Response parameters:

| Parameter | Description | Required | Note |
| --- | --- | --- | --- |
| access_token | The access token | Mandatory | |
| token_type | Token type | Mandatory | The value is case insensitive |
| expires_in | Lifetime of the access token, in seconds | Optional | If omitted, the expiration time must be conveyed by other means |
| refresh_token | Refresh token | Optional | Used to obtain the next access token |
| scope | Scope | Optional | Omitted if identical to the scope requested by the client |

Sample response:

    {
      "access_token":"2YotnFZFEjr1zCsicMWpAA",
      "token_type":"example",
      "expires_in":3600,
      "refresh_token":"tGzv3JOkF0XG5Qx2TlKWIA",
      "example_parameter":"example_value"
    }
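To show what the authorization server actually has to check in steps (G) and (H), here is an added example of a token-endpoint handler for the refresh_token grant. It is not code from the original post or from any real server; the client registry, the stored refresh-token record and the `handle_token_request(headers, body)` interface are constructed for illustration. The client_id/secret pair is the one encoded in the example's Basic header, and the refresh token is the one from the sample response. The handler enforces the points the tables above leave implicit: the client must authenticate, the refresh token must belong to that client, the requested scope may not exceed the original grant, and the presented refresh token is rotated so it cannot be replayed.

```python
import base64
import secrets
import time
from urllib.parse import parse_qs

# Constructed in-memory state standing in for the authorization server's store.
CLIENTS = {"s6BhdRkqt3": "gX1fBat3bV"}          # client_id -> client_secret
REFRESH_TOKENS = {                                # refresh token -> issuance record
    "tGzv3JOkF0XG5Qx2TlKWIA": {
        "client_id": "s6BhdRkqt3",
        "scope": {"read", "write"},               # scope originally granted
        "expires_at": time.time() + 86400,        # refresh tokens are long-lived, not eternal
    },
}
ACCESS_TOKEN_LIFETIME = 3600                      # seconds, reported as expires_in


def _authenticate_client(headers):
    """Return the client_id proven by an HTTP Basic Authorization header, else None."""
    auth = headers.get("Authorization", "")
    if not auth.startswith("Basic "):
        return None
    try:
        client_id, _, secret = base64.b64decode(auth[6:]).decode().partition(":")
    except (ValueError, UnicodeDecodeError):
        return None
    expected = CLIENTS.get(client_id)
    # Constant-time comparison so secret checking does not leak timing information.
    if expected is None or not secrets.compare_digest(expected, secret):
        return None
    return client_id


def _error(status, code):
    return status, {"error": code}


def handle_token_request(headers, body):
    """Handle step (G) and build the step (H) response.

    Returns (http_status, json_dict); error codes follow RFC 6749 section 5.2.
    """
    client_id = _authenticate_client(headers)
    if client_id is None:
        return _error(401, "invalid_client")

    form = {k: v[0] for k, v in parse_qs(body).items()}
    if form.get("grant_type") != "refresh_token":
        return _error(400, "unsupported_grant_type")

    presented = form.get("refresh_token")
    record = REFRESH_TOKENS.get(presented)
    # The refresh token is bound to the client it was issued to: a valid token
    # presented by a different (authenticated) client is still rejected.
    if record is None or record["client_id"] != client_id:
        return _error(400, "invalid_grant")
    if record["expires_at"] <= time.time():
        del REFRESH_TOKENS[presented]
        return _error(400, "invalid_grant")

    # Requested scope may equal or narrow the original grant, never widen it.
    requested = set(form["scope"].split()) if "scope" in form else record["scope"]
    if not requested <= record["scope"]:
        return _error(400, "invalid_scope")

    # Rotate: consume the presented refresh token and issue a new one, so a
    # copy of the old token that leaked later cannot be replayed.
    del REFRESH_TOKENS[presented]
    new_refresh = secrets.token_urlsafe(16)
    REFRESH_TOKENS[new_refresh] = {
        "client_id": client_id,
        "scope": record["scope"],                 # the grant itself keeps its full scope
        "expires_at": record["expires_at"],
    }

    response = {
        "access_token": secrets.token_urlsafe(16),
        "token_type": "Bearer",
        "expires_in": ACCESS_TOKEN_LIFETIME,
        "refresh_token": new_refresh,
    }
    # scope is echoed back when the client did not state it explicitly.
    if "scope" not in form:
        response["scope"] = " ".join(sorted(requested))
    return 200, response


if __name__ == "__main__":
    hdr = {"Authorization": "Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW"}
    print(handle_token_request(hdr, "grant_type=refresh_token&refresh_token=tGzv3JOkF0XG5Qx2TlKWIA"))
```

Rotation is the design choice worth noting: because the old refresh token is deleted before the new one is returned, a second request with the same token (whether a retry or a replay by someone who captured it) fails with `invalid_grant`, which is also a useful detection signal on the server side.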

Instructions

It is advisable to store the expiration time of both the access_token and the refresh_token, and to check them before every call to the platform's service API. If the access_token has expired, refresh it; if the refresh_token has expired, the service must be re-authorized. An expired refresh_token can only be replaced by re-authorization.
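The bookkeeping this advice asks for, as an added example that is not part of the original post: a client-side `TokenSession` that records both expiry times, refreshes the access token before it lapses, handles the step (F) case where the resource server rejects a token the client still believed valid, and raises `ReauthorizationRequired` once the refresh token itself has expired. The authorization and resource servers are replaced by small constructed stand-ins (`fake_token_endpoint`, `fake_resource_api`), and the refresh-token lifetime is assumed to be known to the client, since the response format above does not carry it.

```python
import time


class ReauthorizationRequired(Exception):
    """Neither token is usable any more: the resource owner must authorize again."""


class TokenSession:
    """Client-side state for one access/refresh token pair.

    token_endpoint(refresh_token) performs step (G) and returns the parsed
    step (H) JSON, or None if the authorization server rejected the refresh token.
    """

    SKEW = 30  # seconds of margin so a token is not used right as it expires

    def __init__(self, token_response, refresh_lifetime, token_endpoint, now=time.time):
        self._now = now
        self._endpoint = token_endpoint
        self.refresh_token = None
        self.refresh_expires_at = now() + refresh_lifetime  # assumed known to the client
        self.refreshes = 0
        self._store(token_response)

    def _store(self, resp):
        self.access_token = resp["access_token"]
        self.access_expires_at = self._now() + resp["expires_in"]
        if "refresh_token" in resp:          # a new refresh token is optional
            self.refresh_token = resp["refresh_token"]

    def access_expired(self):
        return self._now() + self.SKEW >= self.access_expires_at

    def refresh_expired(self):
        return self._now() + self.SKEW >= self.refresh_expires_at

    def refresh(self):
        if self.refresh_expired():
            raise ReauthorizationRequired("refresh token expired")
        resp = self._endpoint(self.refresh_token)
        if resp is None:
            raise ReauthorizationRequired("authorization server rejected the refresh token")
        self._store(resp)
        self.refreshes += 1

    def call(self, api):
        """Invoke api(access_token) -> (status, body), refreshing when needed."""
        if self.access_expired():            # known expiry: go to step (G) directly
            self.refresh()
        status, body = api(self.access_token)
        if status == 401:                    # step (F): retry once with a fresh token
            self.refresh()
            status, body = api(self.access_token)
        return status, body


# --- constructed stand-ins for the authorization and resource servers ---
_valid_access, _valid_refresh, _counter = set(), set(), [0]

def _reset_fakes():
    _valid_access.clear(); _valid_access.add("2YotnFZFEjr1zCsicMWpAA")
    _valid_refresh.clear(); _valid_refresh.add("tGzv3JOkF0XG5Qx2TlKWIA")
    _counter[0] = 0

def fake_token_endpoint(refresh_token):
    if refresh_token not in _valid_refresh:
        return None
    _valid_refresh.discard(refresh_token)    # the server rotates refresh tokens
    _counter[0] += 1
    at, rt = f"at{_counter[0]}", f"rt{_counter[0]}"
    _valid_access.add(at); _valid_refresh.add(rt)
    return {"access_token": at, "token_type": "example", "expires_in": 3600, "refresh_token": rt}

def fake_resource_api(access_token):
    return (200, {"data": "ok"}) if access_token in _valid_access else (401, {"error": "invalid_token"})


def run_demo():
    """Walk the session through normal use, expiry, early revocation and reauthorization."""
    _reset_fakes()
    clock = [1_000_000.0]
    sample = {"access_token": "2YotnFZFEjr1zCsicMWpAA", "token_type": "example",
              "expires_in": 3600, "refresh_token": "tGzv3JOkF0XG5Qx2TlKWIA"}
    s = TokenSession(sample, refresh_lifetime=7200, token_endpoint=fake_token_endpoint,
                     now=lambda: clock[0])
    results = [s.call(fake_resource_api)[0]]     # fresh token, no refresh needed
    clock[0] += 3600                             # access token expired, refresh token still valid
    results.append(s.call(fake_resource_api)[0]) # refreshed before the call
    _valid_access.discard(s.access_token)        # server revoked it early: step (F) path
    results.append(s.call(fake_resource_api)[0])
    clock[0] += 7200                             # now the refresh token has expired too
    try:
        s.call(fake_resource_api)
        results.append("unexpected")
    except ReauthorizationRequired:
        results.append("reauthorize")
    return results, s.refreshes


if __name__ == "__main__":
    print(run_demo())
```

The `SKEW` margin matters in practice: clocks drift and requests take time, so treating a token as expired a little early avoids the round trip through step (F) in the common case while still handling it when it does occur.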