Refresh Token Grant Type

Use this grant type when you want a refresh token issued along with the access token. The refresh token is used to obtain a new access token without requiring the user to reauthenticate.

To refresh a token, the access token must have been requested with a grant type that supports refresh tokens, such as Authorization Code, Resource Owner Password Credentials, and Assertion. A request is then made to the token endpoint with the grant_type parameter set to refresh_token.

Note

This grant type doesn't influence authorization flows.

For cURL examples that include a refresh token in the request, see Refresh Token Grant Type Authorization Flow Example.

Refresh Token Grant Type Authorization Flow Example

This authorization flow example walks you through obtaining a new access token without requiring the user to reauthenticate.

Be sure to select the refresh token grant type when specifying a grant type that supports refresh tokens, such as Authorization Code Grant Type, Resource Owner Password Credentials Grant Type, or Assertion Grant Type.

See Refresh Token Grant Type for more information on the Refresh Token grant type.

When an application makes a request to an identity domain to obtain an access token, the request URL contains query parameters that indicate the type of access being requested.

Example Request Using the Authorization Header

   curl -i \
     -H 'Authorization: Basic <base64Encoded clientid:secret>' \
     -H 'Content-Type: application/x-www-form-urlencoded;charset=UTF-8' \
     --request POST 'https://<domainURL>/oauth2/v1/token' \
     -d 'grant_type=refresh_token&refresh_token=<refresh-token>&scope=<optional scope value>'

Example Request Using a JWT Client Assertion

   curl -i \
     -H 'Content-Type: application/x-www-form-urlencoded;charset=UTF-8' \
     --request POST 'https://<domainURL>/oauth2/v1/token' \
     -d 'grant_type=refresh_token&refresh_token=<refresh-token>&client_id=<client-id>&client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer&client_assertion=<client-assertion>&scope=<optional scope value>'

Example Request Using a Public Client

   curl -i \
     -H 'Content-Type: application/x-www-form-urlencoded;charset=UTF-8' \
     --request POST 'https://<domainURL>/oauth2/v1/token' \
     -d 'grant_type=refresh_token&refresh_token=<refresh-token-value>&client_id=<client-id-value>'
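
The three requests above differ only in how the client authenticates. The following Python is an added example, not part of the original documentation: it builds (without sending) the same POST for each mode and form-encodes every value, so a refresh token containing +, / or = reaches the token endpoint intact. The helper name build_refresh_request, the host name and the sample values are assumptions constructed for illustration.

```python
import base64
from urllib.parse import urlencode
from urllib.request import Request

JWT_BEARER = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"

def build_refresh_request(token_url, refresh_token, client_id,
                          client_secret=None, client_assertion=None, scope=None):
    """Build an unsent POST for grant_type=refresh_token (hypothetical helper).

    client_secret    -> confidential client, Authorization: Basic header
    client_assertion -> JWT client assertion sent in the form body
    neither          -> public client, identified by client_id only
    """
    if not token_url.lower().startswith("https://"):
        raise ValueError("token endpoint must be https")
    if client_secret and client_assertion:
        raise ValueError("choose one client authentication method")
    form = {"grant_type": "refresh_token", "refresh_token": refresh_token}
    headers = {"Content-Type": "application/x-www-form-urlencoded;charset=UTF-8"}
    if client_secret:
        pair = f"{client_id}:{client_secret}".encode("utf-8")
        headers["Authorization"] = "Basic " + base64.b64encode(pair).decode("ascii")
    else:
        form["client_id"] = client_id
        if client_assertion:
            form["client_assertion_type"] = JWT_BEARER
            form["client_assertion"] = client_assertion
    if scope:
        form["scope"] = scope
    # urlencode percent-encodes every value; credentials stay in the header
    # or body and never appear in the URL.
    body = urlencode(form).encode("ascii")
    return Request(token_url, data=body, headers=headers, method="POST")

if __name__ == "__main__":
    # Constructed sample values; the host is a placeholder, nothing is sent.
    url = "https://idcs.example.invalid/oauth2/v1/token"
    for kwargs in ({"client_secret": "s3cr3t"},
                   {"client_assertion": "hdr.payload.sig"},
                   {}):
        req = build_refresh_request(url, "AbC+/x==", "app1", **kwargs)
        print(req.get_method(), req.full_url)
        print("  Authorization set:", req.has_header("Authorization"))
        print("  body:", req.data.decode("ascii"))
```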