Obtain and Use a Refresh Token

This topic outlines how to obtain a refresh token and subsequently use it to acquire a new access token.

To obtain a refresh token, you need to explicitly request it during the initial authorization code retrieval. This is done by including the "offline_access" value in the scope parameter of the "getAuthorizationCode" procedure call.

The Plugin API message would then appear as follows:

{
    "apiVersion": 1,
    "method": "callProcedure",
    "procedure": "getAuthorizationCode",
    "callId": "d18243f2-e4f9-4cd2-a357-102fda444c6a",
    "params": {
        "url": "https://idcs-****.example.com/oauth2/v1/authorize?response_type=code&client_id=****&redirect_uri=https%3A%2F%2Ffield-service-doamin.com%2Fplugin-auth-redirect%2F&scope=urn:opc:resource:faaas:fa:****urn:opc:resource:consumer::all%20offline_access"
    }
}

After receiving the code and requesting an access token in the usual way (a request to "/oauth2/v1/token"), the response looks like this:

{
    "access_token": "eyJ4NXQjUzI1NiI6Ink5bm...6VBDe_Utj5C0kA",
    "token_type": "Bearer",
    "expires_in": 3349,
    "refresh_token": "AgAgZDliM2M1OGUwY...yVHFGigEP5AB7zfYQ=="
}

To get a new access token by using the refresh token, send the following request:

CLIENT_ID='****'
CLIENT_SECRET='****'
REFRESH_TOKEN='****'
# --data-urlencode percent-encodes the token value, so "+", "/" and "=" survive form decoding
curl --noproxy '*' --url 'https://idcs-****.com/oauth2/v1/token' -X POST \
     -H 'Content-Type: application/x-www-form-urlencoded;charset=UTF-8' \
     -u "$CLIENT_ID:$CLIENT_SECRET" \
     -d grant_type=refresh_token \
     --data-urlencode "refresh_token=$REFRESH_TOKEN"

As an alternative, the credentials can be sent in the data fields:

CLIENT_ID='****'
CLIENT_SECRET='****'
REFRESH_TOKEN='****'
# Credentials and token go in the form body, each value percent-encoded by curl
curl --noproxy '*' --url 'https://idcs-****.com/oauth2/v1/token' -X POST \
     -H 'Content-Type: application/x-www-form-urlencoded;charset=UTF-8' \
     -d grant_type=refresh_token \
     --data-urlencode "client_id=$CLIENT_ID" \
     --data-urlencode "client_secret=$CLIENT_SECRET" \
     --data-urlencode "refresh_token=$REFRESH_TOKEN"

The same request using Fetch API (JS):

fetch("https://idcs-****.com/oauth2/v1/token", {
    method: 'POST',
    headers: {
        'Content-Type': 'application/x-www-form-urlencoded;charset=UTF-8'
    },
    body: new URLSearchParams({
        grant_type: "refresh_token",
        client_secret: "****",
        client_id: "****",
        refresh_token: "****"
    })
})
.then(resp => resp.json())
.then(json => console.log(json));
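
The following is an added example, not part of the original topic and not Oracle's code. It ties the two steps together: it builds the authorization URL with offline_access in the scope, and it processes a token response so that the stored refresh token is kept when the response does not carry a new one. The helper names, the 60-second skew and the sample hosts used to exercise it are assumptions.

```javascript
// Added example: helper names and the skew default are assumptions, not Oracle's code.
const FORM = "application/x-www-form-urlencoded;charset=UTF-8";

// URL for the "url" param of getAuthorizationCode; guarantees offline_access is requested.
function buildAuthorizeUrl(idcsBase, clientId, redirectUri, scopes) {
    const scope = scopes.includes("offline_access") ? scopes : [...scopes, "offline_access"];
    const url = new URL("/oauth2/v1/authorize", idcsBase);
    url.search = new URLSearchParams({
        response_type: "code",
        client_id: clientId,
        redirect_uri: redirectUri,
        scope: scope.join(" ")
    }).toString();
    return url.toString();
}

// Turn a token endpoint response into the state the caller stores.
function applyTokenResponse(json, previousRefreshToken, nowMs) {
    if (json.error) throw new Error(`token endpoint error: ${json.error}`);
    if (typeof json.access_token !== "string" || String(json.token_type).toLowerCase() !== "bearer") {
        throw new Error("unexpected token response");
    }
    return {
        accessToken: json.access_token,
        // A refresh response may omit refresh_token; keep the one already held.
        refreshToken: json.refresh_token || previousRefreshToken,
        // A missing expires_in is treated as "expired now", which forces a refresh.
        expiresAt: nowMs + (Number(json.expires_in) || 0) * 1000
    };
}

// True once the access token is within skewMs of expiry.
function needsRefresh(tokens, nowMs, skewMs = 60000) {
    return nowMs >= tokens.expiresAt - skewMs;
}

// Same request as the Fetch API call above; fetchImpl is injectable for testing.
async function refreshAccessToken(idcsBase, clientId, clientSecret, tokens, fetchImpl = fetch) {
    const resp = await fetchImpl(new URL("/oauth2/v1/token", idcsBase), {
        method: "POST",
        headers: { "Content-Type": FORM },
        body: new URLSearchParams({
            grant_type: "refresh_token",
            client_id: clientId,
            client_secret: clientSecret,
            refresh_token: tokens.refreshToken
        })
    });
    return applyTokenResponse(await resp.json(), tokens.refreshToken, Date.now());
}
```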

For more information, see https://docs.oracle.com/en/cloud/paas/identity-cloud/rest-api/ACWebServerAppAuth.html